
req.getParameter Security

 
Dan Patsey
Greenhorn
Posts: 7
If you are using req.getParameter() in a servlet to gather data from a form... What methods could you use to guarantee that the data is coming from that form and not a malicious user who is typing the parameters in the URL (i.e. www.something.com/servletname?importantparameter=something)?
 
Ben Souther
Sheriff
Posts: 13411
Never trust data coming from the web.
 
Jeroen T Wenting
Ranch Hand
Posts: 1847
Indeed. Reject everything that's not within strictly guarded boundaries.
Design your application in such a way that freeform strings entered can never cause harm.
Etc. etc.
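
An added example, not part of the original thread: one way to apply "reject everything that's not within strictly guarded boundaries" on the server, whether the values arrived from the form or from a hand-typed URL. The rules and the `quantity` parameter are assumptions made for illustration; `importantparameter` is the name used in the question.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class ParameterAllowList {
    // Hypothetical rules: parameter name -> pattern the WHOLE value must match.
    private static final Map<String, Pattern> RULES = Map.of(
        "importantparameter", Pattern.compile("[A-Za-z0-9_-]{1,32}"),
        "quantity", Pattern.compile("[1-9][0-9]{0,2}"));

    /** Returns the validated values, or throws if anything falls outside the rules. */
    static Map<String, String> validate(Map<String, String[]> params) {
        Map<String, String> clean = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            Pattern rule = RULES.get(e.getKey());
            if (rule == null)            // unknown names are rejected, not ignored
                throw new IllegalArgumentException("unexpected parameter");
            String[] values = e.getValue();
            if (values == null || values.length != 1)   // ?a=1&a=2 is ambiguous
                throw new IllegalArgumentException("repeated parameter: " + e.getKey());
            if (!rule.matcher(values[0]).matches())     // matches() anchors both ends
                throw new IllegalArgumentException("bad value for: " + e.getKey());
            clean.put(e.getKey(), values[0]);
        }
        if (!clean.keySet().containsAll(RULES.keySet()))
            throw new IllegalArgumentException("missing required parameter");
        return clean;
    }

    public static void main(String[] args) {
        // Constructed sample requests, shaped like HttpServletRequest.getParameterMap().
        List<Map<String, String[]>> samples = List.of(
            Map.of("importantparameter", new String[] {"order_42"},
                   "quantity", new String[] {"3"}),
            Map.of("importantparameter", new String[] {"x' OR '1'='1"},
                   "quantity", new String[] {"3"}),
            Map.of("importantparameter", new String[] {"order_42"},
                   "quantity", new String[] {"3"},
                   "isAdmin", new String[] {"true"}));
        for (Map<String, String[]> request : samples) {
            try {
                System.out.println("accepted: " + validate(request));
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

In a servlet the same check would be called as `validate(req.getParameterMap())` before any value is used. It bounds what the application accepts; it does not establish that the request originated from the form.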
 
Jesus Angeles
Ranch Hand
Posts: 2068
Originally posted by Dan Patsey:
What methods


Design strategy? Security strategy? Something else? What 'methods' do you mean?

Depending on what you mean, you can look at securing your entire communication by HTTPS.

[ August 26, 2006: Message edited by: Jesus Angeles ]
 