
How to prevent cross site scripting and parameter manipulation attacks in JSP?

 
vishnu vyasan
Ranch Hand
Posts: 39
Hi guys,

How could I prevent cross site scripting and parameter manipulation attacks in JSP?

How should I handle such invalid input coming from the user? Will the SSL implementation prevent this kind of attack?

Thanks.
 
Ulf Dittmer
Rancher
Posts: 42968
With regards to XSS, make sure that all text entered by users is validated not to contain problematic HTML/JavaScript. The SecurityFaq points to some articles on this subject (and related attacks such as SQL injection).

Parameters passed in by the user need to be validated on the server. For example, if one of the parameters is a product ID, then the server needs to check the current user is allowed to access that product. Everything sent by the browser is potentially suspect.

SSL does nothing to prevent these classes of attacks.
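
The two server-side checks discussed in this thread, as an added example that is not part of the original posts: a strict parse of a product ID parameter followed by a per-user access check, and HTML output encoding for user-supplied text (a complement to input validation, swapped in here because it is the part that can be shown compactly). The class name, method names and the `ALLOWED` map are hypothetical, and all sample values are constructed.

```java
import java.util.Map;
import java.util.Set;

public class RequestChecks {
    // Constructed sample data: product IDs each user may access (hypothetical store).
    static final Map<String, Set<Long>> ALLOWED = Map.of(
            "alice", Set.of(1001L, 1002L),
            "bob", Set.of(2001L));

    /** Escape text for an HTML element body or a quoted attribute value.
     *  Not sufficient for script, URL or CSS contexts. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Accept only 1-9 ASCII digits, then confirm this user may access that product. */
    static long authorizedProductId(String user, String rawParam) {
        if (rawParam == null || !rawParam.matches("[0-9]{1,9}")) {
            throw new IllegalArgumentException("malformed product id");
        }
        long id = Long.parseLong(rawParam);
        if (!ALLOWED.getOrDefault(user, Set.of()).contains(id)) {
            throw new SecurityException("user may not access product " + id);
        }
        return id;
    }

    public static void main(String[] args) {
        // Constructed request values, as a browser might send them.
        System.out.println(escapeHtml("<script>alert(1)</script>"));
        System.out.println(authorizedProductId("alice", "1001"));
        for (String raw : new String[] {"2001", "1001 OR 1=1", null}) {
            try {
                authorizedProductId("alice", raw);
            } catch (RuntimeException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In a JSP or servlet the user name would come from the authenticated session, never from a request parameter, and the access check would query the application's own data store.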
 