
How to validate a request to a JSP page in Struts 1.2

How to validate a request/response to a JSP page in Struts 1.2?

Short scenario: the response from the action class is captured on the way to the JSP and is tweaked. How to validate whether that response has been touched? (This is all part of VAPT, so excuse me if something sounds illogical.)

response from the action class is captured on the way to jsp and is tweaked

Are you saying that the Java and the JSPs are not running in the same container, or even the same JVM, and are therefore going over the wire, and you're worried about interception there?

Or do you mean that some kind of filter class in your server stack is deliberately altering the response, and you want to validate your own transformation of it?

Or do you mean you're concerned about interception between the server and the client, and that what you mean by the word JSP is actually the rendered HTML sent to the client (browser)?

In general, the way you detect tampering is to use hashing; this is why, when you download an open source project, you will often see a hash download next to it. I don't know of any off-the-shelf solution for this in a normal browser context. Maybe have some JavaScript in a separate tab / frame which checks for a hash delivered in a separate request?

But ultimately, if you're that worried about man-in-the-middle attacks, make the request over https. Maybe even use mutual certificates (the server sends a cert to the browser, and the browser sends a cert to the server, as mutual authentication).
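A concrete form of the hashing suggestion in the answer above, as an added example that is not part of the original answer and not Struts' own code: a servlet filter (Servlet 2.5 API, which Struts 1.2 deployments typically use, and Java 8 for java.util.Base64) that buffers the rendered JSP output and attaches a keyed HMAC-SHA256 tag in a response header. The header name X-Response-HMAC, the hmacKey init-param and the reliance on UTF-8 output are assumptions. A keyed MAC is used instead of a plain hash because anything able to alter the body in transit could just recompute an unkeyed hash; the key stays with the server and whichever side performs the verify() check.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

// Hypothetical filter: computes an HMAC over the fully rendered response body.
public class ResponseIntegrityFilter implements Filter {
    private static final String HEADER = "X-Response-HMAC"; // assumed header name
    private static final String ALG = "HmacSHA256";
    private byte[] key;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: key arrives as a filter init-param; a real deployment would load it from a keystore.
        String k = cfg.getInitParameter("hmacKey");
        if (k == null || k.length() < 32) {
            throw new ServletException("hmacKey init-param missing or too short");
        }
        key = k.getBytes(StandardCharsets.UTF_8);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse http = (HttpServletResponse) res;
        BufferingResponse buf = new BufferingResponse(http);
        chain.doFilter(req, buf);               // action executes and JSP renders into the buffer
        byte[] body = buf.toBytes();
        http.setHeader(HEADER, hmacBase64(key, body)); // header must be set before the body is committed
        http.setContentLength(body.length);
        http.getOutputStream().write(body);
        http.getOutputStream().flush();
    }

    public void destroy() { }

    // Base64(HMAC-SHA256(key, data)); the value a verifier recomputes over the body it received.
    static String hmacBase64(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance(ALG);
            mac.init(new SecretKeySpec(key, ALG));
            return Base64.getEncoder().encodeToString(mac.doFinal(data));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Constant-time check used by whichever trusted side holds the key.
    static boolean verify(byte[] key, byte[] body, String tag) {
        byte[] expected = Base64.getDecoder().decode(hmacBase64(key, body));
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(tag);
        } catch (IllegalArgumentException e) {
            return false;                       // malformed tag, treat as tampered
        }
        return MessageDigest.isEqual(expected, presented);
    }

    // Wrapper that captures everything the JSP writes instead of streaming it to the client.
    static final class BufferingResponse extends HttpServletResponseWrapper {
        private final ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        private ServletOutputStream stream;
        private PrintWriter writer;

        BufferingResponse(HttpServletResponse r) { super(r); }

        @Override public ServletOutputStream getOutputStream() {
            if (stream == null) {
                stream = new ServletOutputStream() {
                    @Override public void write(int b) { bytes.write(b); }
                };
            }
            return stream;
        }

        @Override public PrintWriter getWriter() {
            if (writer == null) {
                writer = new PrintWriter(new OutputStreamWriter(bytes, StandardCharsets.UTF_8), true);
            }
            return writer;
        }

        byte[] toBytes() {
            if (writer != null) writer.flush();
            return bytes.toByteArray();
        }
    }
}
```

The filter is registered in web.xml with a filter-mapping on the JSP or action URL pattern and the hmacKey init-param; the tag then travels with the rendered page rather than in a separate request. As the answer notes, this only detects modification; preventing it is still a job for HTTPS, since a party that can alter the body on an unencrypted path can also strip the header.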
