JSP access security issues

Category: Java Related
2009-02-07 03:24:38

Suppose the site has a user registration feature.
The user enters registration information in reg.html, and the registration form has action="reg.jsp",
that is, this information is submitted to the reg.jsp page, which inserts it into the database.

First question:
If the user views the source code of reg.html on the client and finds that the action is the file reg.jsp,
isn't this unsafe? A malicious user could write a program that keeps submitting information
to reg.jsp to register. Is there any way to hide this?

Second question:
If the user accesses the reg.jsp page directly, how should this illegal operation be handled properly?
Check whether the submitted information (e.g. userID, password) is empty, and if it is empty, go to the error page?
Is that reasonable?

2009-02-07 04:01:28
Question 1: When the reg.html page is generated for the response, a value can be stored in the session and output to a hidden field on the page, and the user is required to re-enter this value, with JavaScript validation on submission. On submission, reg.jsp verifies whether the submitted value is the same as the value stored in the session.

Question 2: The reg.jsp page needs to re-validate the legitimacy of the submitted values. If they are illegal, output the error page.
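
An added example, not part of the original thread: a minimal Java sketch of the session-bound form token described in the answer above, plus the server-side field check from Question 2. It assumes the form page is generated by the server rather than served as static HTML; the class name, the `regFormToken` attribute name, and the `Map` standing in for `HttpSession` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class RegFormToken {
    private static final SecureRandom RNG = new SecureRandom();
    static final String KEY = "regFormToken"; // hypothetical session attribute name

    // Called while rendering the form: store a fresh token in the session and
    // return it so the page can emit it in a hidden <input name="token"> field.
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token;
    }

    // Called at the top of reg.jsp: accepts only a token that was issued to this
    // session and has not been used yet.
    static boolean verify(Map<String, Object> session, String submitted) {
        Object expected = session.remove(KEY); // single use: a replay finds nothing
        if (!(expected instanceof String) || submitted == null) {
            return false; // reg.jsp requested directly, or token field missing
        }
        return MessageDigest.isEqual( // comparison time does not depend on content
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    // Question 2: validate the submitted fields on the server, whatever the
    // client-side JavaScript did.
    static boolean fieldsPresent(String userId, String password) {
        return userId != null && !userId.trim().isEmpty()
                && password != null && !password.isEmpty();
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stands in for HttpSession
        System.out.println("direct request accepted: " + verify(session, "guess"));
        String token = issue(session); // the form page is rendered for this session
        System.out.println("normal submit accepted:  "
                + (fieldsPresent("alice", "constructed-pw") && verify(session, token)));
        System.out.println("replayed token accepted: " + verify(session, token));
    }
}
```

The token only ties a submission to a form that was served in the same session. A scripted client that fetches the form first still passes this check, which is the gap the verification code suggested in the later replies is meant to cover.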
2009-02-07 04:19:57
Many sites now require entering a verification code, which is to prevent malicious users from accessing the site programmatically. So you can use a verification code for this.
You can set certain permissions so that the user cannot directly access the file reg.jsp; verification can be done inside it.
2009-02-07 04:57:18
1: Verification code
2: Set session
2009-02-07 05:27:15
Agree with the post above; this method is already in widespread use.
Logging in to CSDN now also requires entering a verification code.
2009-02-07 05:58:05
which include code page
2009-02-07 06:14:21
Rely on the session to solve the problem...
2009-02-07 06:50:39
2009-02-07 07:08:26
cookies okay?
2009-02-07 07:45:24
Will drugon (personal): how do you set it so that a user cannot directly access reg.jsp? How is that achieved?
2009-02-07 08:12:47
That is impossible to set up...
