req.getParameter Security

Dan Patsey

Joined: Aug 25, 2006
Posts: 7
If you are using req.getParameter() in a servlet to gather data from a form... What methods could you use to guarantee that the data is coming from that form and not a malicious user who is typing the parameters in the URL (i.e. www.something.com/servletname?importantparameter=something)?
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

Never trust data coming from the web.

Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
Indeed. Reject everything that's not within strictly guarded boundaries.
Design your application in such a way that freeform strings entered can never cause harm.
Etc. etc.
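
An added example, not part of the original thread, of the "strictly guarded boundaries" approach: every parameter is checked server-side against an allowlist, whether it arrived from the form or from a hand-typed URL. The parameter names and patterns are hypothetical; the input map has the type returned by `ServletRequest.getParameterMap()`.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: allowlist validation of request parameters (names and rules are hypothetical). */
public class ParamAllowlist {
    // One strict pattern per expected parameter; anything else is rejected.
    private static final Map<String, Pattern> RULES = Map.of(
        "accountId", Pattern.compile("[0-9]{1,10}"),
        "action",    Pattern.compile("view|export"),
        "comment",   Pattern.compile("[\\p{L}\\p{N} .,!?'-]{0,200}"));

    /**
     * Takes the map returned by ServletRequest.getParameterMap() and returns
     * the validated values, or throws if anything is outside the rules.
     */
    public static Map<String, String> validate(Map<String, String[]> params) {
        Map<String, String> clean = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            Pattern rule = RULES.get(e.getKey());
            if (rule == null)
                throw new IllegalArgumentException("unexpected parameter: " + e.getKey());
            if (e.getValue().length != 1)   // repeated parameter, e.g. ?action=view&action=export
                throw new IllegalArgumentException("duplicate parameter: " + e.getKey());
            String v = e.getValue()[0];
            if (!rule.matcher(v).matches()) // matches() tests the whole value, not a substring
                throw new IllegalArgumentException("invalid value for: " + e.getKey());
            clean.put(e.getKey(), v);
        }
        for (String required : new String[] {"accountId", "action"})
            if (!clean.containsKey(required))
                throw new IllegalArgumentException("missing parameter: " + required);
        return clean;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, shaped like getParameterMap() output.
        Map<String, String[]> ok = Map.of("accountId", new String[] {"42"}, "action", new String[] {"view"});
        System.out.println(validate(ok));
        Map<String, String[]> bad = Map.of("accountId", new String[] {"42abc"}, "action", new String[] {"view"});
        try {
            validate(bad);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```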

Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2053
Originally posted by Dan Patsey:
What methods

Design strategy? Security strategy? Something else? What 'methods' do you mean?

Depending on what you mean, you can look at securing your entire communication by HTTPS.

[ August 26, 2006: Message edited by: Jesus Angeles ]