Reputation: 1246
Does Java have standard functions for security like in PHP htmlspecialchars, strip_tags? Or must I write my own functions? I want to be sure my script handles user data safely.
Upvotes: 2
Views: 122
Reputation: 719719
Not exactly.
Protection against injection attacks in Java comes "for free" provided that you do certain things the right way. For example:
Don't create SQL by concatenating strings. Instead, create your SQL with placeholders, and compile / execute using JDBC PreparedStatement.
In JSPs, use <c:out> to output any data that comes from the user. This automatically HTML escapes it to denature any potential injected nasties.
Upvotes: 3
Reputation: 816
You can try the Spring Security library (.jar), which gives all the features to avoid web-related security issues.
Here is the link:
http://static.springsource.org/spring-security/site/
You can also find some help on the owasp.com site:
http://owasp.com/index.php/Main_Page
Upvotes: 0
Reputation: 5755
This is not a solution, just a piece of advice: when it's about security, I never use built-in functions. I always write them myself according to client requirements. Use RegExp; they are very powerful for this.
Upvotes: -1