struts-user mailing list archives

From "J.V." <jvsr...@gmail.com>
Subject Struts 1.3 : Preventing SQL Injection (form.field validation)
Date Fri, 22 Mar 2013 23:36:42 GMT
Does anyone out there have a method I could use to pass a form field 
variable that would check for all known SQL injection vulnerabilities 
(with regards to the form field only, irrespective of the method of SQL 
execution) and return a true/false if it passes the test?

I have about 100+ forms (500+ fields) to validate for SQL injection 
vulnerabilities and was thinking of creating an abstractForm.java class 
and putting the validate method there and calling that in each of the 
MyForm.java classes' validate() method.

I thought initially it would be better to move everything over to use 
Apache commons validator, create a global rule and simply apply the 
global rule to every form field but it may be better to take this approach.

Any thoughts on the approach or a validator class to pattern match the 
field would be helpful (if you have had such a case in the past).

thanks

J.V.
