WebApp Sec mailing list archives

Java validation article


From: Andrew Jaquith <ajaquith () atstake com>
Date: Thu, 12 Dec 2002 14:09:39 -0500

FYI, O'Reilly has published an article on the Commons Validator, a Jakarta subproject that provides libraries for validating JavaBean and/or form contents. The author, Chuck Cavaness, has the right attitude:

"Every application has a responsibility to ensure that only valid data is inserted into its repository. After all, what value would an application offer if the data that it relied upon were corrupted? For applications that use a formal database, like a RDBMS, for example, there are rules or constraints that can be placed upon the fields, which help to guarantee that the data stored within it meets a certain level of quality. Any and all applications that utilize the data within the repository have a responsibility to protect the integrity of the data that they submit.

"Attempts to insert or update data that do not meet the criteria should be detected as soon as possible and rejected. This detection usually occurs in several places throughout an application; the presentation tier (if one is present) might perform some level of validation, the business objects typically have business-level validation rules, and as mentioned, the data repository usually does, as well."

The rest of the article walks through a series of examples of how to make the Validator work. A quick, and highly recommended, read.

Using the Validator Framework with Struts by Chuck Cavaness
http://www.onjava.com/pub/a/onjava/2002/12/11/jakartastruts.html

--
Andrew Jaquith
Program Director
@stake, Inc.
196 Broadway
Cambridge, MA 02139 USA

Direct:  617.768.2711
Mobile:  617.501.3278
Fax:     617.621.1478
Email:   ajaquith () atstake com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x898CF546


