Re: Encrypting parameters

2010-06-03 Thread satyanarayana katta
WASP and download the different security scanners and scan for the security loopholes. Best Regards Vishnu NV -Original Message- From: Rahul Mohan [mailto:rahul.mo...@tcs.com] Sent: Thursday, June 03, 2010 8:44 AM To: Struts Users Mailing List Subject: Re: Encrypting parameters Hi,

Re: Encrypting parameters

2010-06-03 Thread Paweł Wielgus
r is that it can't be viewed by the >>> user >>> >> in the url. But an attacker can still edit the header and attack the >>> >> application without much trouble. >>> >> >>> >> To improve security you can validate the parameter proper

Re: Encrypting parameters

2010-06-03 Thread Oscar
y the >> user >> >> in the url. But an attacker can still edit the header and attack the >> >> application without much trouble. >> >> >> >> To improve security you can validate the parameter properly where you >> >> receive the parameter

Re: Encrypting parameters

2010-06-03 Thread Stephane Cosmeur
ly where you > >> receive the parameter. For example number only or does not contain > invalid > >> characters in string for eg, <,>,_ ,/, etc like that. > >> > >> Another good thing will be to implement SSL. > >> > >> Now you can also go to OWASP

Re: Encrypting parameters

2010-06-03 Thread Paweł Wielgus
> >> Best Regards >> Vishnu NV >> >> -Original Message- >> From: Rahul Mohan [mailto:rahul.mo...@tcs.com] >> Sent: Thursday, June 03, 2010 8:44 AM >> To: Struts Users Mailing List >> Subject: Re: Encrypting parameters >> >> Hi, >> >

Re: Encrypting parameters

2010-06-03 Thread Stephane Cosmeur
> From: Rahul Mohan [mailto:rahul.mo...@tcs.com] > Sent: Thursday, June 03, 2010 8:44 AM > To: Struts Users Mailing List > Subject: Re: Encrypting parameters > > Hi, > > I don't think it's a good idea to expose the URLs to the users in a secure > application. Avoid GET

RE: Encrypting parameters

2010-06-02 Thread Vishnu Vyasan Nelliparmbil
---Original Message- From: Rahul Mohan [mailto:rahul.mo...@tcs.com] Sent: Thursday, June 03, 2010 8:44 AM To: Struts Users Mailing List Subject: Re: Encrypting parameters Hi, I don't think it's a good idea to expose the URLs to the users in a secure application. Avoid GET requests and sti

Re: Encrypting parameters

2010-06-02 Thread Rahul Mohan
rol on the data based on the user credentials. cheers, Rahul Mohan From: Stephane Cosmeur To: Struts Users Mailing List Date: 03-06-2010 08:53 Subject: Encrypting parameters Hello, I would like to improve the security of my web application. My problem is I would like to encrypt the visible

Re: Encrypting parameters

2010-06-02 Thread Dale Newfield
On 6/2/10 11:22 PM, Stephane Cosmeur wrote: I would like to improve the security of my web application. My problem is I would like to encrypt the visible parameters in the URL to prevent user to change it to access data he should not see. No amount of obfuscation can prevent someone from eventu

Encrypting parameters

2010-06-02 Thread Stephane Cosmeur
Hello, I would like to improve the security of my web application. My problem is I would like to encrypt the visible parameters in the URL to prevent user to change it to access data he should not see. At start I thought the simple attribute encode of s:url will work for what i need, but it's not