struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgm <str...@rgm.nu>
Subject Strategy for remove nulls from string parameter values?
Date Mon, 28 Jul 2014 17:02:59 GMT
I've got a problem where my PostgreSQL database won't store a String that
contains a null charcter, and I'm trying to figure out the best place to
sanitize the parameter.  Your advice is appreciated.

If it were a one-off issue, I'd handle it in the validate() method of the
action, but in this case, I feel comfortable declaring that no String
parameters in my app should ever contain nulls (or control characters) in
their value.

Do you have recommendations about the best place to reject paramters
containing nulls app-wide?  A normal Java Filter, or perhaps a Struts
Interceptor (subclass ParametersInterceptor to create
ParameterValueInterceptor)?  Or maybe I should sub-class String (ew) and
then make my own StrutsTypeConverter?  (that last one feels dirty and would
require many changes).

This problem came up while attempting to log a message to the database
about a login failure for a user that was provided like this:

https://myserver.com/myapp/login?user=%00

I'd rather just pretend that the String excluded that 0x00 character, and
was "null".

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message