Re: Code Injection Tomcat 6

2008-05-29 Thread Christopher Schultz
Peter, Peter Stavrinides wrote: | Unfortunately, you did not understand or have missed the point... it's | not about forgoing coded checks, the key point here is to manage data | security in a more efficient way. If you say so. Where you see efficien

Re: Code Injection Tomcat 6

2008-05-29 Thread Martin
sday, May 29, 2008 5:58 AM Subject: Re: Code Injection Tomcat 6 Hi Chris, The crunch of your argument: I would argue that your data protection should occur at the business layer. ... Adding a single layer of "security" should not be considered a replacement for code and security r

Re: Code Injection Tomcat 6

2008-05-29 Thread Peter Stavrinides
ere is little point to this discussion and so many projects out there are simply a waste of time! Peter - Original Message - From: "Christopher Schultz" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, 27 May, 2008 9:27:33 PM GMT +02:00 Athens, Beirut

Re: Code Injection Tomcat 6

2008-05-27 Thread Christopher Schultz
Peter, Peter Stavrinides wrote: | The one problem though is that these arcane methods we have been | using (encoding output, coding some validation checks, using prepared | statements etc.) are not scalable enough Really? I wasn't aware that conver

Re: Code Injection Tomcat 6

2008-05-23 Thread Christopher Schultz
Peter, Peter Stavrinides wrote: | What is the best approach to mitigate malicious code injection into | HTML form components? That depends on what you are trying to protect against. There are several "malicious" messages that could be sent through H

Code Injection Tomcat 6

2008-05-23 Thread Peter Stavrinides
Hi everyone, What is the best approach to mitigate malicious code injection into HTML form components? I know that IIS has a security option to limit what can be posted to the server; does Tomcat have something similar? I am looking for a global solution of some sort, as I have too many active