Doing server side validation in jsp

 
Ranch Hand
Posts: 76
I already have client-side validation, but I know that users can bypass JavaScript.

What's the best way to do server-side validation?

I plan to write a class that takes a regular expression (regex),
then use str.match(regex);

Also, should I use prepared statements to avoid SQL injection?
 
Sheriff
Posts: 16767
RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
 
Sheriff
Posts: 67620
And to clarify, the title says "in jsp" -- no data processing should ever happen in a JSP. In fact, there should never be any Java code in a JSP.

Forms should be submitted to servlets which can do the validation, or delegate the validation to other Java classes.
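
The approach described above (the servlet delegates validation to a plain Java class), together with the prepared statement the original poster asks about, as an added example that is not code from this thread. The class name, field names, limits and the `users` table are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: a plain class a servlet can delegate validation to.
// Field names, limits and the "users" table are assumptions.
public class SignupValidator {

    private static boolean isAsciiWordChar(int c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9') || c == '_';
    }

    // Returns field -> error message; an empty map means the input is valid.
    public static Map<String, String> validate(String username, String ageText) {
        Map<String, String> errors = new LinkedHashMap<>();
        if (username == null || username.isBlank()) {
            errors.put("username", "required");
        } else if (username.length() > 30) {
            errors.put("username", "at most 30 characters");
        } else if (!username.chars().allMatch(SignupValidator::isAsciiWordChar)) {
            errors.put("username", "letters, digits and underscore only");
        }
        try {
            int age = Integer.parseInt(ageText == null ? "" : ageText.trim());
            if (age < 13 || age > 120) errors.put("age", "must be between 13 and 120");
        } catch (NumberFormatException e) {
            errors.put("age", "must be a whole number");
        }
        return errors;
    }

    // Values are bound as parameters, never concatenated into the SQL text.
    public static void save(Connection con, String username, int age) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(
                "INSERT INTO users (username, age) VALUES (?, ?)")) {
            ps.setString(1, username);
            ps.setInt(2, age);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs, as a servlet would read them via request.getParameter(...).
        System.out.println(validate("cle_tan", "25"));
        System.out.println(validate("x' OR '1'='1", "abc"));
    }
}
```

A servlet would call `validate` first, redisplay the form with the returned messages if the map is not empty, and call `save` only when it is empty.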
 
cle tan
Ranch Hand
Posts: 76
Junilu Lacar wrote: RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet



I downloaded the OWASP AntiSamy to prevent XSS attacks.

However, I have a few problems referencing the policy XML file in the Java code,
one of which is


I asked around and searched, but I tried and am still stuck at this step.
I'm not very sure whether the XML files must be in a certain location.
 