
Doing server side validation in jsp

 
cle tan
Ranch Hand
Posts: 73
I already have client side to do validation, but I know that users can bypass JavaScript.

What's the best way to do server side validation?

I plan to write a class that takes a regular exp (regex)
then use str.match(regex);

Also I should use prepared statements to avoid SQL injection?
 
Junilu Lacar
Bartender
Posts: 7483
RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64983
And to clarify, the title says "in jsp" -- no data processing should ever happen in a JSP. In fact, there should never be any Java code in a JSP.

Forms should be submitted to servlets which can do the validation, or delegate the validation to other Java classes.
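
An added example, not part of any post in this thread: a plain Java class that a servlet's doPost() could delegate to, with allow-list checks that do not need regex and a parameterized insert. The class name, form fields (username, age), limits and the users table are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical validator; a servlet would pass it the request parameters.
public class SignupValidator {

    // Returns field -> error message; an empty map means the input is acceptable.
    public static Map<String, String> validate(Map<String, String> params) {
        Map<String, String> errors = new LinkedHashMap<>();

        String user = params.get("username");
        if (user == null || user.length() < 3 || user.length() > 20) {
            errors.put("username", "must be 3-20 characters");
        } else if (!user.chars().allMatch(
                c -> (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_')) {
            errors.put("username", "only a-z, 0-9 and _ allowed");
        }

        String age = params.get("age");
        try {
            // Parse to the target type, then range-check the typed value.
            int n = Integer.parseInt(age == null ? "" : age.trim());
            if (n < 13 || n > 120) errors.put("age", "must be between 13 and 120");
        } catch (NumberFormatException e) {
            errors.put("age", "must be a whole number");
        }
        return errors;
    }

    // Values are bound as parameters, never concatenated into the SQL text.
    public static void insert(Connection db, String user, int age) throws SQLException {
        String sql = "INSERT INTO users (username, age) VALUES (?, ?)"; // assumed schema
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setInt(2, age);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one valid, one that skipped the client-side checks.
        System.out.println(validate(Map.of("username", "cle_tan", "age", "25")));
        System.out.println(validate(Map.of("username", "x' OR '1'='1", "age", "abc")));
    }
}
```

The servlet would call insert() only when validate() returns an empty map, and otherwise forward the error map back to the JSP for display.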
 
cle tan
Ranch Hand
Posts: 73
Junilu Lacar wrote: RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet


I downloaded the OWASP AntiSamy to prevent XSS attacks.

However, I have a few problems referencing the policy XML file in the Java code,
one of which is


Asked around and searched, but I tried and am still stuck at this step.
Not very sure the XML files must be in a certain location.
 