WebApp Sec mailing list archives

Java validation article
From: Andrew Jaquith <ajaquith () atstake com>
Date: Thu, 12 Dec 2002 14:09:39 -0500

FYI, O'Reilly has published an article on the Commons Validator, a Jakarta subproject that provides libraries for validating JavaBean and/or form contents. The author, Chuck Cavaness, has the right attitude:

"Every application has a responsibility to ensure that only valid data is inserted into its repository. After all, what value would an application offer if the data that it relied upon were corrupted? For applications that use a formal database, like a RDBMS, for example, there are rules or constraints that can be placed upon the fields, which help to guarantee that the data stored within it meets a certain level of quality. Any and all applications that utilize the data within the repository have a responsibility to protect the integrity of the data that they submit.

"Attempts to insert or update data that do not meet the criteria should be detected as soon as possible and rejected. This detection usually occurs in several places throughout an application; the presentation tier (if one is present) might perform some level of validation, the business objects typically have business-level validation rules, and as mentioned, the data repository usually does, as well."

The rest of the article walks through a series of examples of how to make the Validator work. A quick, and highly recommended, read.

Using the Validator Framework with Struts by Chuck Cavaness
http://www.onjava.com/pub/a/onjava/2002/12/11/jakartastruts.html

--
Andrew Jaquith
Program Director
@stake, Inc.
196 Broadway
Cambridge, MA 02139 USA

Direct:  617.768.2711
Mobile:  617.501.3278
Fax:     617.621.1478
Email:   ajaquith () atstake com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x898CF546


