The access JSP security issues

Category: Java Related
 
liufengyan1308
2009-02-07 03:24:38

Sponsored Links
If the site has a user registration feature.
User reg.html enter registration information, registration information form action = "reg.jsp"
that is put these information to the reg. jsp pages in this database insertions.

first question:
If the user on the client view reg.html source code and found that action is reg.jsp this document,
So this is not a very safe? because a malicious user could write a program to keep through delivering information
to reg.jsp register Is there any way to solve this hidden?? ???

second question:
If the user direct access to reg.jsp this page, how to properly deal with this illegal operation?
information transmitted from the judgment (eg userID , password) and so is not empty, empty then go to the error page??
so it reasonable??

Sponsored Links

sswjs
2009-02-07 04:01:28
Question 1: Response reg.html page can generated when a value stored in the session, and output to the page hidden field, and requires the user to re-enter this value and JavaScript validation when submitted. Submission filed in reg.jsp verify whether the value stored in the session with the same value.

Question 2: In reg.jsp page is a need to re-validate the submitted values ​​legitimacy. Illegal is output to the error page.
amaojiangzhulu
2009-02-07 04:19:57
Now many sites are required to have a certified input code, which is to prevent some malicious users to use to access the programming method. So you use an authentication code on it.
you can set certain privileges, so the user can not directly access reg.jsp this document, on the inside can be verified.
zoushic
2009-02-07 04:57:18
1: Verification code
2: Set session
qwertzhu
2009-02-07 05:27:15
Agree upstairs, this method has been in widespread use.
csdn landing now also need to enter a verification code.
sunyly2009
2009-02-07 05:58:05
reg.jsp
which include code page
qdsjx
2009-02-07 06:14:21
rely session to solve the problem. . .
hololulu1
2009-02-07 06:50:39
qhfjhgjsdhgjsdfhjshjkfhgfsdgsdgddsgds
wollt
2009-02-07 07:08:26
cookies okay?
cyssica
2009-02-07 07:45:24
Will drugon (personal) How to set a user can not directly access reg.jsp how achieve??
pplrain123
2009-02-07 08:12:47
impossible to set the bar. .
Domain and server ip had changed since 8/23/2013. Suspend the user registration and posts for program maintenance.