aspose file tools*
The moose likes Servlets and the fly likes req.getParameter Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "req.getParameter Security" Watch "req.getParameter Security" New topic
Author

req.getParameter Security

Dan Patsey
Greenhorn

Joined: Aug 25, 2006
Posts: 7
If you are using req.getParameter() in a servlet to gather data from a form... What methods could you use to guarantee that the data is coming from that form and not a malicious user who is typing the parameters in the url (ie. www.something.com/servletname?importantparameter=something)
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Never trust data coming from the web.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
indeed. Reject everything that's not within strictly guarded boundaries.
Design your application in such a way that freeform strings entered can never cause harm.
Etc. etc.


42
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2057
Originally posted by Dan Patsey:
What methods


Design strategy? security strategy? something else? What 'methods' do you mean?

Depending on what you mean, you can look at securing your entire communication by https.

[ August 26, 2006: Message edited by: Jesus Angeles ]
[ August 26, 2006: Message edited by: Jesus Angeles ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: req.getParameter Security