http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20717

Summary: new document: "Building a Robust and Secure Web Application With Velocity"
Product: Velocity
Version: 1.0-Release
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Documentation
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

Any time you build a web application, it is your responsibility as a web developer to ensure that the application does what it is supposed to do, fails gracefully in case of an error, keeps users from gaining access to data they are not supposed to view, and prevents malicious users from interfering with the operation of the application. While a detailed discussion of how to build a robust web application is an overly complex topic, this short paper touches on several issues that are common in a Velocity-based web application. The paper is written from the perspective of a Velocity developer, who interacts with a group of HTML template designers and a larger pool of end users.

Topics

1) How Velocity Helps the Developer Create a Robust App
2) Velocity-Specific Issues Regarding Robustness and Security
3) Best Practices In Building A Secure, Robust Velocity Web Application
   a) Review all context references for unwanted methods.
   b) Encode HTML special characters to avoid cross-scripting vulnerabilities.
   c) Use an up-to-date and properly configured app server.
   d) Configure Velocity for production use.
4) Working with Untrusted HTML Template Designers
