Doing server side validation in jsp
|
cle tan
Ranch Hand
Joined: Jun 11, 2012
Posts: 68
|
|
I already have client-side validation, but I know that users can bypass JavaScript.
What's the best way to do server-side validation?
I plan to write a class that takes a regular expression (regex),
then use str.match(regex);
Also, should I use prepared statements to avoid SQL injection?
|
 |
Junilu Lacar
Bartender
Joined: Feb 26, 2001
Posts: 4133
|
|
RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation.
OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
|
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56529
|
|
And to clarify, the title says "in jsp" -- no data processing should ever happen in a JSP. In fact, there should never be any Java code in a JSP.
Forms should be submitted to servlets which can do the validation, or delegate the validation to other Java classes.
|
|
 |
cle tan
Ranch Hand
Joined: Jun 11, 2012
Posts: 68
|
|
I downloaded the OWASP AntiSamy to prevent XSS attacks.
However, I have a few problems referencing the policy XML file in the Java code,
one of which is
I asked around and searched, but I tried and am still stuck at this step.
Not very sure whether the XML files must be in a certain location.
|