Subject: Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
From: Paul Benedict
To: Struts Users Mailing List
Date: Fri, 22 Mar 2013 23:58:34 -0500
In-Reply-To: <514CEB0A.2000701@gmail.com>

If you use JDBC prepared statements, you will not have to worry about SQL injection.

Paul

On Fri, Mar 22, 2013 at 6:36 PM, J.V. wrote:
> Does anyone out there have a method I could use to pass a form field
> variable that would check for all known SQL injection vulnerabilities (with
> regards to the form field only, irrespective of the method of SQL
> execution) and return a true/false if it passes the test?
>
> I have about 100+ forms (500+ fields) to validate for SQL injection
> vulnerabilities and was thinking of creating an abstractForm.java class and
> putting the validate method there and calling that in each of the
> MyForm.java classes' validate() method.
>
> I thought initially it would be better to move everything over to use
> Apache commons validator, create a global rule and simply apply the global
> rule to every form field but it may be better to take this approach.
>
> Any thoughts on the approach or a validator class to pattern match the
> field would be helpful (if you have had such a case in the past).
>
> thanks
>
> J.V.
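As an added illustration of Paul's point (example code written for this archive page, not code from the thread or from the Struts project): a DAO method of the kind a Struts 1.3 Action would call with a form-field value, showing the string-concatenation query beside the PreparedStatement version. The customer table, its columns and the DataSource are assumptions made for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.sql.DataSource;

/** Hypothetical DAO for a Struts 1.3 application; the customer table and
 *  its columns are assumptions for illustration only. */
public class CustomerDao {
    private final DataSource dataSource;

    public CustomerDao(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // The pattern the per-field validator in the question is trying to guard:
    // the form value becomes part of the SQL text, so a quote in it (even a
    // legitimate one, as in O'Brien) changes the statement the database sees.
    // Kept only for contrast with the method below.
    public int countByLastNameConcatenated(String lastName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM customer WHERE last_name = '"
                + lastName + "'";
        try (Connection conn = dataSource.getConnection();
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Paul's suggestion: the SQL text is sent with a placeholder and the form
    // value is bound separately, so the database never parses the field as
    // SQL. No SQL pattern matching on the field is needed for this purpose;
    // ordinary business validation (length, format) still applies.
    public int countByLastName(String lastName) throws SQLException {
        String sql = "SELECT COUNT(*) FROM customer WHERE last_name = ?";
        try (Connection conn = dataSource.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }
}
```

In a Struts 1.3 Action the DataSource configured under data-sources in struts-config.xml is available through Action.getDataSource(request), which is what would be passed to this DAO.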