tomcat-users mailing list archives

From "Curley, Thomas" <thomas.cur...@euroconex.com>
Subject RE: SQL Injection and Tomcat
Date Fri, 12 Dec 2003 12:27:24 GMT
Thanks Andrey and Tim for replies - appreciate it

Had thought of setting rewrite rules in Apache and only allowing valid chars in - would the value be better/worse?

Thomas


-----Original Message-----
From: Andrey Rogov [mailto:Andrey.Rogov@ukrpost.net]
Sent: 12 December 2003 12:00
To: Tomcat Users List
Subject: Re: SQL Injection and Tomcat


Hi,

You can configure the Valve param in your server.xml file:
   <Context path="" docBase="Root" debug="0">
       <Valve className="path.to.your.app.BadInputFilterValve"
          deny="\x00,\x04,\x08,\x0a,\x0d"/>
   </Context>

   
You can also buy the wonderful book Tomcat: The Definitive Guide
    by Ian E. Darwin & Jason Brittain
    

CT> Hi,

CT> I have an app using MySql and TC4 on linux o JSP app

CT> Does Tomcat have any inbuilt features to filter out certain characters like ', ;, etc
CT> from request URI's.  Would a filters or values impl help with this or is it necessary to parse
CT> all input (may affect performance)

CT> any experience 

CT> thanks

CT> Thomas


CT> *********************************************************************************************
CT> This email and any attachments are confidential and intended for the sole use of the
CT> intended recipient(s). If you receive this email in error please notify emailadmin@euroconex.com
CT> and delete it from your system. Any unauthorized dissemination, retransmission, or copying of this
CT> email and any attachments is prohibited. Euroconex does not accept any responsibility for
CT> any breach of confidence, which may arise from the use of email. Please note that any views or opinions
CT> presented in this email are solely those of the author and do not necessarily represent those
CT> of the Company. This message has been scanned for known computer viruses.
CT> *********************************************************************************************

CT> ---------------------------------------------------------------------
CT> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
CT> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



-- 
Best regards,
 Andrey                            mailto:Andrey.Rogov@ukrpost.net
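An added example, not part of the original messages and not the BadInputFilterValve source: the two filtering ideas raised in this thread, a comma-separated deny list like the Valve's `deny` attribute and an allow-list of valid characters, run against constructed parameter values. The class and method names, the allow-list pattern, and the assumption that each deny entry is a regular expression searched for in the value are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not Tomcat API.
public class InputFilterDemo {
    // Assumption: each comma-separated deny entry is a regex searched for in the value.
    static List<Pattern> parseDeny(String deny) {
        List<Pattern> patterns = new ArrayList<>();
        for (String entry : deny.split(",")) {
            patterns.add(Pattern.compile(entry.trim()));
        }
        return patterns;
    }

    // True when any deny pattern occurs anywhere in the value.
    static boolean deniedBy(List<Pattern> deny, String value) {
        for (Pattern p : deny) {
            if (p.matcher(value).find()) {
                return true;
            }
        }
        return false;
    }

    // Allow-list (assumed pattern): the whole value must consist of permitted characters.
    static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9 _.-]{1,64}");

    static boolean allowed(String value) {
        return ALLOWED.matcher(value).matches();
    }

    public static void main(String[] args) {
        // Deny list as in the server.xml snippet in the thread (line feed written as \x0a).
        List<Pattern> deny = parseDeny("\\x00,\\x04,\\x08,\\x0a,\\x0d");
        // Constructed sample parameter values.
        String[] samples = { "42", "O'Brien", "a;b", "line1\nline2", "caf\u00e9" };
        for (String s : samples) {
            System.out.printf("%-14s denied=%-5b allowed=%b%n",
                    s.replace("\n", "\\n"), deniedBy(deny, s), allowed(s));
        }
    }
}
```

With these samples only the value containing a line feed is denied, so the `'` and `;` from the original question pass the deny list as configured; the allow-list rejects them, along with legitimate values such as a surname with an apostrophe or an accented letter.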