Ways to prevent SQL Injection Attack & XSS in Java Web Application

后端 未结 6 1945
囚心锁ツ
囚心锁ツ 2021-02-07 22:27

I\'m writing a java class which would be invoked by a servlet filter and which checks for injection attack attempts and XSS for a java web application based on Struts. The Injec

6条回答
  •  -上瘾入骨i
    2021-02-07 22:58

    Based on your questions I am assuming you are attempting to filtering bad values. I personally feel that this method can get very complex very quickly and would recommend encoding values as an alternate method. Here is an IBM article on the subject that lays out the pros and cons of both methods, http://www.ibm.com/developerworks/tivoli/library/s-csscript/.

    To avoid SQL injection attacks just use prepared statements instead of creating SQL strings.

提交回复
热议问题