Thanks Andrey and Tim for replies - appreciate it.
Had thought of setting rewrite rules in Apache and only allow valid chars in - would the value be better/worse?
Thomas

-----Original Message-----
From: Andrey Rogov [mailto:[EMAIL PROTECTED]
Sent: 12 December 2003 12:00
To: Tomcat Users List
Subject: Re: SQL Injection and Tomcat

Hi,

U can configure the Valve param in your server.xml file

    <Context path="" docBase="Root" debug="0">
      <Valve className="path.to.your.app.BadInputFilterValve"
             deny="\x00,\x04,\x08,\x0a,\x0d"/>
    </Context>

U Can Also buy wonderful book
TOMCAT The definitive Guide by Ian E.Darwin & Jason Brittain

CT> Hi,
CT> I have an app using MySql and TC4 on linux o JSP app
CT> Does Tomcat have any inbuilt features to filter out certain characters like ', ;, etc from request URI's. Would a filters or values impl help with this or is it necessary to parse all input (may
CT> affect performance)
CT> any experience
CT> thanks
CT> Thomas
CT> *********************************************************************************************
CT> This email and any attachments are confidential and intended for the sole use of the intended recipient(s).If you receive this email in error please notify [EMAIL PROTECTED] and delete it
CT> from your system. Any unauthorized dissemination, retransmission, or copying of this email and any attachments is prohibited. Euroconex does not accept any responsibility for any breach of
CT> confidence, which may arise from the use of email. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the
CT> Company. This message has been scanned for known computer viruses.
CT> *********************************************************************************************
CT> ---------------------------------------------------------------------
CT> To unsubscribe, e-mail: [EMAIL PROTECTED]
CT> For additional commands, e-mail: [EMAIL PROTECTED]

--
Best regards,
Andrey mailto:[EMAIL PROTECTED]
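
Added example, not part of the original thread or of Tomcat: a small script that runs the deny patterns from the Valve snippet above, and a hypothetical allow-list like the one Thomas mentions, against a value containing a quote, then compares a concatenated query with a parameterized one. It assumes an in-memory SQLite table with constructed rows standing in for the MySQL database; all function names are illustrative.

```python
import re
import sqlite3

# Deny patterns from the Valve example in the thread: control characters only.
DENY = [re.compile(p) for p in (r"\x00", r"\x04", r"\x08", r"\x0a", r"\x0d")]
# Hypothetical allow-list in the spirit of "only allow valid chars".
ALLOW = re.compile(r"[A-Za-z0-9_.-]+")

def passes_deny_list(value):
    """True when no deny pattern matches, so the request would go through."""
    return not any(p.search(value) for p in DENY)

def passes_allow_list(value):
    """True when every character is in the allowed set."""
    return ALLOW.fullmatch(value) is not None

def make_db():
    """In-memory SQLite table with constructed rows (stand-in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, note TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "n1"), ("bob", "n2"), ("O'Brien", "n3")])
    return db

def lookup_concatenated(db, name):
    """Vulnerable form: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """Hardened form: the value is bound as data, never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote
    print("deny-list lets probe through:", passes_deny_list(probe))
    print("allow-list lets probe through:", passes_allow_list(probe))
    print("allow-list lets O'Brien through:", passes_allow_list("O'Brien"))
    print("concatenated rows:", len(lookup_concatenated(db, probe)))
    print("parameterized rows:", len(lookup_parameterized(db, probe)))
    print("parameterized O'Brien:", lookup_parameterized(db, "O'Brien"))
```

The control-character deny list passes the quoted value unchanged, the allow-list stops it but also rejects a legitimate name such as O'Brien, and only the bound parameter handles both cases correctly.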
