Mike-

There are actually 2 situations to be mindful of.
(Not a salesman for these folks, but Acunetix had a very good tutorial.)

SQL Injection
Solution might use a JS validator, but just in case the JS validator passes it, on the server side look for AND / OR funky conditionals (1=1 comes to mind) and return an error if (AND / OR / ==) or any possible SQL injections are found.
http://www.acunetix.com/websitesecurity/sql-injection2.htm

XSS Scripting
Solution might use a JS validator to scan for HTML tags in the input (form or table or input comes to mind), but just in case the JS validator passes it, on the server side you want to look for HTML tags like form, table or input and return an error if any of the following (form, table or input) are found.
http://www.acunetix.com/websitesecurity/xss.htm

I also don't use cookies to maintain state, but that's orthogonal to this topic.

HTH/
M--

----- Original Message -----
From: "Mike Duffy" <[EMAIL PROTECTED]>
To: <user@struts.apache.org>
Sent: Thursday, November 15, 2007 12:42 PM
Subject: Struts Validator to Prevent SQL Injection Attacks

> Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields?
>
> Thx.
>
> Mike
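
The server-side check described in the reply above, as an added example that is not part of the original thread. The class name, method name, patterns and sample values are assumptions made for illustration; the sample set includes a legitimate value containing the word OR to show how a keyword check treats it.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ServerSideInputCheck {
    // SQL conditionals named in the reply: AND / OR as whole words, "==",
    // and tautologies of the form N=N such as 1=1 (hypothetical patterns).
    private static final Pattern SQL_TOKENS = Pattern.compile(
        "\\b(and|or)\\b|==|\\b(\\d+)\\s*=\\s*\\2\\b", Pattern.CASE_INSENSITIVE);

    // Opening or closing form, table or input tags.
    private static final Pattern HTML_TAGS = Pattern.compile(
        "<\\s*/?\\s*(form|table|input)\\b", Pattern.CASE_INSENSITIVE);

    /** Returns an error message for a rejected value, or null when it passes. */
    public static String check(String field, String value) {
        if (value == null) {
            return null;
        }
        if (SQL_TOKENS.matcher(value).find()) {
            return field + ": SQL conditional not allowed";
        }
        if (HTML_TAGS.matcher(value).find()) {
            return field + ": HTML tag not allowed";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample form values, not taken from the thread.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("name", "Alice Smith");
        samples.put("comment", "x' OR 1=1 --");
        samples.put("bio", "<input type=\"text\" name=\"q\">");
        samples.put("city", "Portland, OR"); // legitimate value that contains the word OR
        for (Map.Entry<String, String> e : samples.entrySet()) {
            String err = check(e.getKey(), e.getValue());
            System.out.println(e.getKey() + " -> "
                + (err == null ? "accepted" : "rejected (" + err + ")"));
        }
    }
}
```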