
Doing server side validation in jsp

 
cle tan
Ranch Hand
I already have client-side validation, but I know that users can bypass JavaScript.

What's the best way to do server-side validation?

I plan to write a class that takes a regular expression (regex),
then use str.match(regex);

Also, should I use prepared statements to avoid SQL injection?
 
Junilu Lacar
Bartender
RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
 
Bear Bibeault
Author and ninkuma
Marshal
And to clarify, the title says "in jsp" -- no data processing should ever happen in a JSP. In fact, there should never be any Java code in a JSP.

Forms should be submitted to servlets which can do the validation, or delegate the validation to other Java classes.
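Putting the advice in this thread together (the form posts to a servlet, the servlet delegates to a plain Java validation method with no regex, and the insert uses a PreparedStatement), here is an added example that is not from the thread or any of its posters. The form field names, the users table, the JSP paths and the DataSource lookup are assumptions.

```java
import java.io.IOException;
import java.sql.*;
import java.util.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.sql.DataSource;

public class SignupServlet extends HttpServlet {
    private DataSource ds; // assumed: obtained via a JNDI lookup in init(), not shown

    /** Allow-list validation in plain Java, no regex. Returns field -> error message. */
    static Map<String, String> validate(String username, String age) {
        Map<String, String> errors = new LinkedHashMap<>();
        if (username == null || username.length() < 3 || username.length() > 20) {
            errors.put("username", "must be 3-20 characters");
        } else if (!username.chars().allMatch(c -> Character.isLetterOrDigit(c) || c == '_')) {
            errors.put("username", "only letters, digits and underscore allowed");
        }
        try {
            int a = Integer.parseInt(age);          // a missing or non-numeric value throws
            if (a < 13 || a > 120) errors.put("age", "must be between 13 and 120");
        } catch (NumberFormatException e) {
            errors.put("age", "must be a whole number");
        }
        return errors;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String age = req.getParameter("age");
        Map<String, String> errors = validate(username, age);
        if (!errors.isEmpty()) {
            req.setAttribute("errors", errors);     // the JSP only renders these; no logic in it
            req.getRequestDispatcher("/signup.jsp").forward(req, resp);
            return;
        }
        // Parameter binding keeps the input as data; it is never concatenated into the SQL text.
        String sql = "INSERT INTO users (username, age) VALUES (?, ?)";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setInt(2, Integer.parseInt(age));
            ps.executeUpdate();
        } catch (SQLException e) {
            throw new ServletException("Could not save user", e);
        }
        resp.sendRedirect(req.getContextPath() + "/welcome.jsp");
    }
}
```

The client-side JavaScript check stays purely a convenience; whatever reaches doPost is validated again here regardless of what the browser did.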
 
cle tan
Ranch Hand
Junilu Lacar wrote:RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet


I downloaded the OWASP AntiSamy to prevent XSS attacks.

However, I have a few problems referencing the policy XML file in the Java code,
one of which is


I asked around and searched, but I tried and am still stuck at this step.
I'm not very sure whether the XML files must be in a certain location.
 