DaUser
Reputation: 357
Java / Spring - Securing a Parameter ( Pathvariable )
Is there a common way to secure a pathvariable?
@RequestMapping("/image/{id}")
public String getArticleImageUrl(@PathVariable String id) {
....
I mean remove unusual content e.g. javascript or other security issue related things to prevent "hacking" or abusive use?
Upvotes: 0
Views: 423
Answers (2)
marthursson
Reputation: 3300
What is secure depends on what you want to use the input for. Bottom line: You should take the same care with these kinds of parameters as any other parameter you would accept from the outside into the system, e.g.:
- Take appropriate action to prevent SQL injection (i.e. PreparedStatements)
- Take care when rendering stuff on your web site that was received as user input (i.e. make sure to HTML encode stuff - most frameworks would take care of this for you).
- etc.
"Washing" the input from unwanted characters is possible but, as always: tricky and depending on what the data will be used for.
Upvotes: 1
DaUser
Reputation: 357
Nvm.
I used a regex to check if this String is alphanumeric. ( ^[\\pL\\pN]+$ )
Should be enough.
Upvotes: 0
Related Questions
- How to properly manage PathVariables with spring
- Authorization in spring-security based on path variables
- How can I make spring MVC PathVariable more robust?
- Spring Boot AuthenticationToken with path variable
- How can I secure Spring controller to not accept wrong type of path variables passes in URL?
- how to secure 2 paths at same time with spring security?
- How to use @PathVariable to resolve parameter name in Spring Security?
- Spring Security with path variable parameters
- Interning of String.valueOf()
- Securing Methods with Spring Security