Anton Sementsov

Reputation: 1246

security functions

Does Java have standard functions for security, like PHP's htmlspecialchars and strip_tags? Or must I write my own functions? I want to be sure my script handles user data safely.

Upvotes: 2

Views: 122

Answers (3)

Stephen C

Reputation: 719719

Not exactly.

Protection against injection attacks in Java comes "for free" provided that you do certain things the right way. For example:

  • Don't create SQL by concatenating strings. Instead, create your SQL with placeholders, and compile / execute using JDBC PreparedStatement.

  • In JSPs, use <c:out> to output any data that comes from the user. This automatically HTML escapes it to denature any potential injected nasties.

Upvotes: 3
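
The first bullet of the answer above, shown as an added example (not part of the original answer): values bound through `PreparedStatement` placeholders are compared as literal strings, whatever characters they contain. Assumptions: an in-memory H2 database with its driver jar on the classpath; the class name, the `accounts` table and the sample rows and inputs are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PlaceholderDemo {
    // Assumption: in-memory H2 database; any JDBC URL and driver would work the same way.
    private static final String URL = "jdbc:h2:mem:demo";

    // Counts rows whose name equals the supplied value. The value is bound to
    // the placeholder, so it is never parsed as part of the SQL text.
    static int countByName(Connection con, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM accounts WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection con = DriverManager.getConnection(URL)) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE accounts (id INT PRIMARY KEY, name VARCHAR(64))");
            }
            // Constructed sample rows, inserted through placeholders as well.
            String[] names = {"alice", "O'Brien"};
            try (PreparedStatement ins =
                     con.prepareStatement("INSERT INTO accounts (id, name) VALUES (?, ?)")) {
                for (int i = 0; i < names.length; i++) {
                    ins.setInt(1, i + 1);
                    ins.setString(2, names[i]);
                    ins.executeUpdate();
                }
            }
            // Constructed inputs: a plain name, a name containing a quote, and a
            // value shaped like SQL. Each one is matched as a literal string.
            String[] inputs = {"alice", "O'Brien", "x' OR '1'='1"};
            for (String in : inputs) {
                System.out.println(in + " -> " + countByName(con, in) + " row(s)");
            }
        }
    }
}
```

The name containing an apostrophe needs no manual escaping, and the SQL-shaped value matches no row because the driver sends it as data rather than as query text.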

vireshas

Reputation: 816

You can try the Spring Security library (.jar), which gives all the features to avoid web-related security issues.

Here is the link:
http://static.springsource.org/spring-security/site/

You can also find some help on the owasp.com site:
http://owasp.com/index.php/Main_Page

Upvotes: 0

JBoy

Reputation: 5755

This is not a solution, just advice: when it's about security, I never use built-in functions; I always write them myself according to client requirements. Use RegExp; they are very powerful for this.

Upvotes: -1
