there are simply a waste of time!
Peter
- Original Message -
From: Christopher Schultz [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, 27 May, 2008 9:27:33 PM GMT +02:00 Athens, Beirut, Bucharest,
Istanbul
Subject: Re: Code Injection Tomcat 6
29, 2008 5:58 AM
Subject: Re: Code Injection Tomcat 6
Hi Chris,
The crunch of your argument:
I would argue that your data protection should occur at the business
layer.
...
Adding a single layer of security should not be considered a
replacement for code and security reviews, unit testing
Peter,
Peter Stavrinides wrote:
| Unfortunately, you did not understand or have missed the point... it's
| not about forgoing coded checks, the key point here is to manage data
| security in a more efficient way.
If you say so. Where you see
Peter,
Peter Stavrinides wrote:
| The one problem though is that these arcane methods we have been
| using (encoding output, coding some validation checks, using prepared
| statements etc.) are not scalable enough
Really? I wasn't aware that
Hi everyone
What is the best approach to mitigate malicious code injection into HTML form
components?
I know that IIS has a security option to limit what can be posted to the
server, does Tomcat have something similar? I am looking for a global solution
of some sort, as I have too many
Peter,
Peter Stavrinides wrote:
| What is the best approach to mitigate malicious code injection into
| HTML form components?
That depends on what you are trying to protect against. There are
several malicious messages that could be sent through