struts-user mailing list archives

From Anjib Mulepati <anji...@hotmail.com>
Subject Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
Date Fri, 22 Mar 2013 23:45:08 GMT
Use Filter

On 3/22/2013 7:36 PM, J.V. wrote:
> Does anyone out there have a method I could use to pass a form field 
> variable that would check for all known SQL injection vulnerabilities 
> (with regards to the form field only, irrespective of the method of 
> SQL execution) and return a true/false if it passes the test?
>
> I have about 100+ forms ( 500+ fields) to validate for SQL injection 
> vulnerabilities and was thinking of creating an abstractForm.java 
> class and putting the validate method there and calling that in each 
> of the MyForm.java classes validate() method.
>
> I thought initially it would be better to move everything over to use 
> Apache commons validator, create a global rule and simply apply the 
> global rule to every form field but it may be better to take this 
> approach.
>
> Any thoughts on the approach or a validator class to pattern match 
> the field would be helpful (if you have had such a case in the past).
>
> thanks
>
> J.V.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>


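
One way the servlet-filter approach suggested in the reply could look, added here as an example and not code from the thread or from Struts: the class name, field names and patterns are assumptions, and it targets the `javax.servlet` API. It allow-lists parameter values as input validation; binding values through `PreparedStatement` parameters remains what keeps them out of the SQL text.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: rejects any request carrying a parameter outside its allow-list.
public class ParamAllowListFilter implements Filter {
    // Assumed default rule: letters, digits, space and . , @ _ - up to 100 characters.
    private static final Pattern DEFAULT_RULE = Pattern.compile("[\\p{L}\\p{N} .,@_-]{0,100}");
    // Assumed stricter rules for specific fields (field names are illustrative).
    private static final Map<String, Pattern> FIELD_RULES = new HashMap<String, Pattern>();
    static {
        FIELD_RULES.put("customerId", Pattern.compile("\\d{1,10}"));
        FIELD_RULES.put("orderDate", Pattern.compile("\\d{4}-\\d{2}-\\d{2}"));
    }

    // Returns the name of the first parameter with a disallowed value, or null if all pass.
    static String firstInvalid(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            Pattern rule = FIELD_RULES.get(e.getKey());
            if (rule == null) rule = DEFAULT_RULE;
            for (String value : e.getValue()) {
                if (!rule.matcher(value).matches()) return e.getKey();
            }
        }
        return null;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        @SuppressWarnings("unchecked")
        Map<String, String[]> params = req.getParameterMap();
        if (firstInvalid(params) != null) {
            // Generic message: do not echo the client-supplied name or value.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid form input");
            return;
        }
        chain.doFilter(req, res); // all parameters passed; continue to the Struts ActionServlet
    }

    public void init(FilterConfig config) {}
    public void destroy() {}
}
```

Registering the class in `web.xml` with a `filter-mapping` for the URL pattern that reaches the Struts `ActionServlet` (for example `*.do`) applies the check to every form without touching the individual form classes.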

