struts-user mailing list archives

From "J.V." <jvsr...@gmail.com>
Subject common validator
Date Tue, 26 Mar 2013 22:15:27 GMT
I have to add a check of each and every form field in my application for 
SQL injection attacks (I need a method that will return a boolean false 
if any character that is typically used in SQL injection is found).

Each of my form classes has a validator() method.  I was thinking of 
creating my own abstract form class

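import org.apache.struts.validator.DynaValidatorForm;

public abstract class MyBaseForm extends DynaValidatorForm {

     // Returns false if any field contains a character typically used in SQL injection.
     public boolean validateSQL(String[] fields) {
         // do checks here and return true or false
         return true; // placeholder so the sketch compiles
     }
}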

----
and then modify all my form classes to extend MyBaseForm (which extends 
DynaValidatorForm) and in each of my existing Form classes call 
validateSQL() as the first call of each now existing validator() method.

This will be a lot of work because there are over 100 forms and 500+ 
fields. Is there an easier way?  I thought that using the Apache Commons 
Validator plugin would be best but was told that the validator() method 
in each form class is preferred, but it is turning out to be more work 
than expected.

Any/all other options would be helpful.

thanks


J.V.
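
The check the message describes, written out as an added example that is not part of the original post and is not Struts code: the class name SqlCharCheck, the helper firstSuspect() and the character list are assumptions, since the post does not say which characters it has in mind. It uses only the JDK and constructed sample fields, and shows two cases such a filter has to deal with: null fields and legitimate values that contain a listed character.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SqlCharCheck {
    // Assumed denylist; the post does not name the characters it means.
    private static final String SUSPECT_CHARS = "'\";\\";
    private static final String[] SUSPECT_SEQS = {"--", "/*", "*/"};

    /** Same contract as the post's validateSQL(): false if any field has a listed character. */
    public static boolean validateSQL(String[] fields) {
        if (fields == null) return true;
        for (String field : fields) {
            if (firstSuspect(field) != null) return false;
        }
        return true;
    }

    /** Returns the first listed character or sequence found, or null if the value is clean. */
    static String firstSuspect(String value) {
        if (value == null) return null;          // unset form fields count as clean
        for (String seq : SUSPECT_SEQS) {
            if (value.contains(seq)) return seq;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (SUSPECT_CHARS.indexOf(c) >= 0) return String.valueOf(c);
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample form fields, not taken from the post.
        Map<String, String> form = new LinkedHashMap<>();
        form.put("firstName", "Alice");
        form.put("lastName", "O'Brien");   // legitimate name, still rejected
        form.put("note", "a;b -- c");
        form.put("middleName", null);
        for (Map.Entry<String, String> e : form.entrySet()) {
            String hit = firstSuspect(e.getValue());
            System.out.println(e.getKey() + ": " + (hit == null ? "ok" : "rejected (" + hit + ")"));
        }
        System.out.println("form valid: " + validateSQL(form.values().toArray(new String[0])));
    }
}
```

Because a character denylist also rejects ordinary input such as the surname above, it works only as an extra input filter; binding values through java.sql.PreparedStatement parameters is what keeps field contents out of the SQL text.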