Repel invalid requests

The Open Web Application Security Project has practical guidelines for implementing a secure web site. The first item on their list of security concerns is validating requests.

A reasonable approach is to first validate all requests before performing any other processing. Such checks can include:

Early in processing, sanity checks on parameter values may be either complete or partial validations:

Checks on parameter values might be performed at two stages in processing - early sanity checks (as described above), and later "business" validations. For example, if an Age is typed into a text input control, the parameter value can be validated in two steps:

This two-step validation style is used in the WEB4J framework. In WEB4J, business validations are performed by a Model Object constructor.
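The two-stage style described above, sketched in plain Java as an added example; it is not code from this page and does not use the WEB4J API. The class and method names, the digit pattern, and the 0..150 range are assumptions, and the request is modeled as a servlet-style parameter map.

```java
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: two-stage validation of an 'Age' request parameter. */
public final class AgeValidationDemo {
  /** Stage 1 rule (assumed): 1 to 3 ASCII digits, nothing else. */
  private static final Pattern SANE_AGE = Pattern.compile("[0-9]{1,3}");

  /** Stage 1: early sanity check on the raw request, before any other processing. */
  static String saneAge(Map<String, String[]> params) {
    String[] values = params.get("Age");
    if (values == null || values.length != 1) {
      throw new IllegalArgumentException("Age must be supplied exactly once");
    }
    if (!SANE_AGE.matcher(values[0]).matches()) {
      throw new IllegalArgumentException("Age is not a short whole number");
    }
    return values[0];
  }

  /** Model Object: its constructor performs the later business validation. */
  static final class Person {
    private final int age;
    Person(int age) {
      if (age < 0 || age > 150) { // business range is an assumed rule
        throw new IllegalArgumentException("Age must be in range 0..150");
      }
      this.age = age;
    }
    int getAge() { return age; }
  }

  static String handle(Map<String, String[]> params) {
    try {
      Person person = new Person(Integer.parseInt(saneAge(params)));
      return "accepted: age " + person.getAge();
    } catch (IllegalArgumentException ex) {
      return "rejected: " + ex.getMessage(); // message never echoes the raw input
    }
  }

  public static void main(String[] args) {
    // Constructed sample requests: valid, out of range, duplicated, malformed, missing.
    System.out.println(handle(Map.of("Age", new String[] {"42"})));
    System.out.println(handle(Map.of("Age", new String[] {"999"})));
    System.out.println(handle(Map.of("Age", new String[] {"42", "7"})));
    System.out.println(handle(Map.of("Age", new String[] {"<script>"})));
    System.out.println(handle(Map.of()));
  }
}
```

The value 999 passes the early sanity check and is rejected only by the Model Object constructor, while the duplicated, malformed and missing parameters are rejected before any domain object is built.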

See Also:
Parse parameters into domain objects
A Web App Framework - WEB4J
© 2014 Hirondelle Systems
Individual code snippets can be used under this BSD license - Last updated on September 21, 2013.