Reputation: 1246
security functions
Does Java have standard functions for security like in php htmlspecialchars, strip_tags? Or must I write my own functions? I want to be sure my script handles user data safely.
Upvotes: 2
Views: 122
Answers (3)
Reputation: 719719
Not exactly.
Protection against injection attacks in Java comes "for free" provided that you do certain things the right way. For example:
Don't create SQL by concatenating strings. Instead, create your SQL with placeholders, and compile / execute using JDBC
PreparedStatement.In JSPs, use
<c:out>to output any data that comes from the user. This automatically HTML escapes it to denature any potential injected nasties.
Upvotes: 3
Reputation: 816
you can try spring security library (.jar)
which gives all the features to avoid web related security issues
here is the link
http://static.springsource.org/spring-security/site/
you can also find some help from the owasp.com site
http://owasp.com/index.php/Main_Page
Upvotes: 0
Reputation: 5755
This is not a solution, just an advice, when its about security, i never use built in functions, i always write them myself according to client requirements, use RegExp, they are very powerful for this.
Upvotes: -1
Related Questions
- Restricting Access to Java Servlet
- How to secure my java web application?
- Need help to understand and implement basic web app security
- Advice on implementing security aspect of Java EE web application
- Servlet Filter for security
- Implementing session-based security in Java servlet
- Servlet declarative security
- Java Web Application Security Idea
- Security for the login page (using Servlet/JSP)
- Tomcat servlet security