
req.getParameter Security

Dan Patsey

Joined: Aug 25, 2006
Posts: 7
If you are using req.getParameter() in a servlet to gather data from a form, what methods could you use to guarantee that the data is coming from that form and not a malicious user who is typing the parameters in the URL (i.e.
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

Never trust data coming from the web.

Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
Indeed. Reject everything that's not within strictly guarded boundaries.
Design your application in such a way that freeform strings entered can never cause harm.
Etc. etc.
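
Added example, not part of any post in this thread: a minimal allow-list check in the spirit of the advice above to reject everything outside strictly guarded boundaries. The parameter names and rules are hypothetical, and the input map has the shape returned by HttpServletRequest.getParameterMap(), so the same check applies whether the values came from the form or were typed into the URL.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class FormValidator {
    // One strict rule per expected parameter (hypothetical fields).
    // Anything not listed here is rejected outright.
    private static final Map<String, Pattern> RULES = Map.of(
        "username", Pattern.compile("[A-Za-z0-9_]{3,20}"),
        "age",      Pattern.compile("[0-9]{1,3}"),
        "country",  Pattern.compile("US|CA|NL"));

    /** Returns the validated values, or throws if anything falls outside the rules. */
    public static Map<String, String> validate(Map<String, String[]> params) {
        // Reject parameters the form never sends.
        for (String name : params.keySet()) {
            if (!RULES.containsKey(name))
                throw new IllegalArgumentException("unexpected parameter: " + name);
        }
        Map<String, String> clean = new HashMap<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String[] values = params.get(rule.getKey());
            // A missing or repeated parameter (?age=1&age=2) is rejected.
            if (values == null || values.length != 1)
                throw new IllegalArgumentException("missing or repeated: " + rule.getKey());
            // matches() requires the whole value to fit the pattern.
            if (!rule.getValue().matcher(values[0]).matches())
                throw new IllegalArgumentException("invalid value for: " + rule.getKey());
            clean.put(rule.getKey(), values[0]);
        }
        return clean;
    }

    public static void main(String[] args) {
        // Constructed sample input: what the form would submit.
        Map<String, String[]> fromForm = Map.of(
            "username", new String[]{"dan_p"},
            "age",      new String[]{"34"},
            "country",  new String[]{"NL"});
        System.out.println("accepted: " + validate(fromForm));

        // Constructed sample input: values typed by hand into the URL.
        Map<String, String[]> typedInUrl = Map.of(
            "username", new String[]{"dan_p"},
            "age",      new String[]{"-1"},
            "country",  new String[]{"NL"});
        try {
            validate(typedInUrl);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```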

Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2068
Originally posted by Dan Patsey:
What methods

Design strategy? Security strategy? Something else? What 'methods' do you mean?

Depending on what you mean, you can look at securing your entire communication by HTTPS.

[ August 26, 2006: Message edited by: Jesus Angeles ]