I have to add checking of each and every form field in my application for
SQL injection attacks (I need a method that will return a boolean false
if any character that is typically used in SQL injection is found).
Each of my form classes has a validator() method. I was thinking of
creating my own abstract form class:
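import org.apache.struts.validator.DynaValidatorForm;

public abstract class MyBaseForm extends DynaValidatorForm {
    public boolean validateSQL(String[] fields) {
        // do checks here and return true or false
        return true; // placeholder so the class compiles until the checks are written
    }
}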
----
and then modify all my form classes to extend MyBaseForm (which extends
DynaValidatorForm) and in each of my existing Form classes call
validateSQL() as the first call of each now existing validator() method.
This will be a lot of work because there are over 100 forms and 500+
fields. Is there an easier way? I thought that using the Apache Commons
Validator plugin would be best but was told that the validator() method
in each form class is preferred, but it is turning out to be more work
than expected.
Any/all other options would be helpful.
Thanks
J.V.
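
One way to run the check from a single place, as an added example that is not part of the original post: the base class overrides validate() and walks every property through DynaActionForm.getMap(), so no field list has to be passed in per form. The class name SqlCheckedForm, the deny-list contents and the message key errors.sqlchars are assumptions made for illustration.

```java
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.validator.DynaValidatorForm;

public abstract class SqlCheckedForm extends DynaValidatorForm {

    // Assumed deny-list; the post does not say which characters it has in mind.
    private static final String[] SUSPECT = { "'", "\"", ";", "--", "/*" };

    /** Returns false if the value contains any deny-listed token. */
    public static boolean validateSQL(String value) {
        if (value == null) return true;
        for (String token : SUSPECT) {
            if (value.contains(token)) return false;
        }
        return true;
    }

    /** Runs the normal Validator rules, then checks every String property once. */
    @Override
    public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
        ActionErrors errors = super.validate(mapping, request);
        if (errors == null) errors = new ActionErrors();
        for (Object o : getMap().entrySet()) {
            Map.Entry<?, ?> e = (Map.Entry<?, ?>) o;
            String name = String.valueOf(e.getKey());
            Object v = e.getValue();
            // Properties may be single Strings or String[] (multi-valued fields).
            String[] values = (v instanceof String[]) ? (String[]) v
                    : (v instanceof String) ? new String[] { (String) v } : new String[0];
            for (String s : values) {
                if (!validateSQL(s)) {
                    // "errors.sqlchars" is a hypothetical key in the message resources.
                    errors.add(name, new ActionMessage("errors.sqlchars", name));
                    break; // one error per field is enough
                }
            }
        }
        return errors;
    }
}
```

A form picks this up by changing only its extends clause, provided its own validate() calls super.validate(). The deny-list also rejects legitimate input such as the surname O'Brien, and it does not replace bound parameters (PreparedStatement) in the data-access code, which is where injection is actually prevented.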