File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes How to prevent cross site cripting parameter manipulation attacks in jsp? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "How to prevent cross site cripting parameter manipulation attacks in jsp?" Watch "How to prevent cross site cripting parameter manipulation attacks in jsp?" New topic
Author

How to prevent cross site cripting parameter manipulation attacks in jsp?

vishnu vyasan
Ranch Hand

Joined: May 27, 2008
Posts: 39
Hi guys,

How could i prevent cross site scripting and parameter manipulation attacks in jsp?

how should i handle such a invalid input coming from the user? Will the SSL implementation prevent this kind of attacks?

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41867
    
  63
With regards to XSS, make sure that all text entered by users is validated not to contain problematic HTML/JavaScript. The SecurityFaq points to some articles on this subject (and related attacks such as SQL injection).

Parameters passed in by the user need to be validated on the server. For example, if one of the parameter is a product ID, then the server needs to check the current user is allowed to access that product. Everything sent by the browser is potentially suspect.

SSL does nothing to prevent these classes of attacks.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to prevent cross site cripting parameter manipulation attacks in jsp?