Spring MVC resolution fro HTML tampering?

**dmurat** · Jun 14th, 2005, 03:58 PM

Is there any out of the box solution or feature in Spring MVC which can help to prevent HTML tampering attack? If not, could one describe sound strategy to implement it?

Tnx

**katentim** · Jun 16th, 2005, 04:03 AM

You might find http://forum.springframework.org/showthread.php?t=10911 useful.

**davison** · Jun 16th, 2005, 08:34 AM

and this one: http://forum.springframework.org/showthread.php?t=10820

**katentim** · Jun 16th, 2005, 05:54 PM

Good link Darren - I think yours is more relevant. For more info, have a look at the JavaDoc for the class DataBinder, and it's method setAllowedFields.

**dmurat** · Jun 20th, 2005, 01:36 AM

Thank you all for your answers, but there is one more problem about allowedFields property in DataBinder. Specifically, one can't react in controller if non allowed fields are submitted. All you can do is to look at warning log entry produced by DataBinder. There really should be an option to remember not allowed fields so that you can implement some logic (like session invalidation or/and logout) in controller in case when not allowed fields are submitted.

I raised JIRA issue about that so you can vote for it.

Damir

Thread: Spring MVC resolution fro HTML tampering?

Thread Tools

Display

Spring MVC resolution fro HTML tampering?

Similar Threads

Spring MVC Web Framework versus Struts

Aurora MVC for Spring to be open-sourced soon.

A Spring Class Loader?

accessing spring variables from struts html taglib

Spring Framework / Spring Rich Client Library Hell?

Posting Permissions