Java / Spring-保护参数(Pathvariable)
[英]Java / Spring - Securing a Parameter ( Pathvariable )
问题描述
Is there a common way to secure a pathvariable? 
有保护路径变量的通用方法吗?
@RequestMapping("/image/{id}")
public String getArticleImageUrl(@PathVariable String id) {
....
I mean remove unusual content eg javascript or other security issue related things to prevent "hacking" or abusive use? 我的意思是删除异常内容,例如javascript或其他与安全问题相关的内容,以防止“黑客入侵”或滥用?
2 个解决方案
解决方案1
1 已采纳 2015-04-22 12:27:17
What is secure depends on what you want to use the input for. 安全性取决于您要使用输入的内容。 Bottom line: You should take the same care with these kinds of parameters as any other parameter you would accept from the outside into the system, eg: 底线:您应该像对待外部要接受的其他任何参数一样,小心对待这些类型的参数,例如:
- Take appropriate action to prevent SQL injection (ie PreparedStatements) 采取适当的措施来防止SQL注入(即PreparedStatements)
- Take care when rendering stuff on your web site that was received as user input (ie make sure to HTML encode stuff - most frameworks would take care of this for you). 当在网站上呈现作为用户输入的内容时要小心(例如,确保对内容进行HTML编码-大多数框架会为您处理)。
- etc. 等等
"Washing" the input from unwanted characters is possible but, as always: tricky and depending on what the data will be used for. 可以“清洗”来自不需要的字符的输入,但是,一如既往:棘手并取决于数据将用于什么目的。
解决方案2
0 2015-04-22 12:21:40
Nvm. NVM。 I used a regex to check if this String is alphanumeric. 我使用了正则表达式来检查此字符串是否为字母数字。 ( ^[\\\\pL\\\\pN]+$ ) Should be enough. ( ^[\\\\pL\\\\pN]+$ )应该足够了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.