I have implimented a filter using that I have escaped the user content from the request and I have also used prepared and callable stmts to avoid SQL Injection.
But filters reduces the performance and so just wanted to know how it has been implemented in struts releases where they have taken care of such vulnerabilities. So that I could use a performance based code.
author & internet detective
It's not the filter reducing the performance; it's the search/replace. Any solution is going to need to do that. Luckily, it reduces the performance by such a tiny percentage compared to the database call that it's a non-issue.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
subject: Struts XSS and SQL Injection vulnerabilities