WebApp Sec mailing list archives
Java validation article
From: Andrew Jaquith <ajaquith () atstake com>
Date: Thu, 12 Dec 2002 14:09:39 -0500
FYI, O'Reilly has published an article on the Commons Validator, a Jakarta subproject that provides libraries for validating JavaBean and/or form contents. The author, Chuck Cavaness, has the right attitude:
"Every application has a responsibility to ensure that only valid data is inserted into its repository. After all, what value would an application offer if the data that it relied upon were corrupted? For applications that use a formal database, like a RDBMS, for example, there are rules or constraints that can be placed upon the fields, which help to guarantee that the data stored within it meets a certain level of quality. Any and all applications that utilize the data within the repository have a responsibility to protect the integrity of the data that they submit.
"Attempts to insert or update data that do not meet the criteria should be detected as soon as possible and rejected. This detection usually occurs in several places throughout an application; the presentation tier (if one is present) might perform some level of validation, the business objects typically have business-level validation rules, and as mentioned, the data repository usually does, as well."
The rest of the article walks through a series of examples of how to make the Validator work. A quick, and highly recommended, read.
Using the Validator Framework with Struts
by Chuck Cavaness
http://www.onjava.com/pub/a/onjava/2002/12/11/jakartastruts.html

--
Andrew Jaquith
Program Director
@stake, Inc.
196 Broadway
Cambridge, MA 02139 USA
Direct: 617.768.2711
Mobile: 617.501.3278
Fax: 617.621.1478
Email: ajaquith () atstake com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x898CF546