How to prevent cross-site scripting (XSS)

You should HTML escape any input before outputting it back to the user.

留言

張貼留言

這個網誌中的熱門文章

java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/datatype/XMLGregorianCalendarImpl$Parser

When you encounter the following error that related to web service. java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/datatype/XMLGregorianCalendarImpl$Parser Solution 1: Ensure no xercesImpl.jar in your classpath since the implementation of xerce is built-in wiht JAVA SE 1.6. Solution 2: Use XmlJavaTypeAdapter [ @XmlJavaTypeAdapter(JaxbDateAdapter.class)] to convert XMLGregorianCalendar type to Date type. XMLGregorianCalendar is the built-in Java data type for JAXB mapping with datetime. Example: Binding.xjb <?xml version="1.0" encoding="UTF-8"?> <bindings xmlns="http://java.sun.com/xml/ns/jaxb"                 xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance"                 xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"               ...
閱讀完整內容

10 Tips for Proper Application Logging

圖片
Reference: https://www.javacodegeeks.com/2011/01/10-tips-proper-application-logging.html   Our latest   JCP partner ,   Tomasz Nurkiewicz , has submitted a number of posts describing the basic principles of proper application   logging . I found them quite interesting, thus I decided to aggregate them in a more compact format and present them to you. So, here are his suggestions for clean and helpful logs:(NOTE: The original posts have been slightly edited to improve readability) 1) Use the appropriate tools for the job Many programmers seem to forget how important is logging an application’s behavior and its current activity. When somebody puts: 1 log.info( "Happy and carefree logging" ); happily somewhere in the code, he probably doesn’t realize the importance of application logs during maintenance, tuning and failure identification. Underestimating the value of good logs is a terrible mistake. In my opinion, SLF4J is the best logging API availab...
閱讀完整內容

Turn off WebLogic basic authentication

Editing config.xml To set the e enforce-valid-basic-auth-credentials flag, perform the following steps: 1. Add the element to config.xml within the element. false 2. Start or restart all of the servers in the domain. ============================================= Using WebLogic Scripting Tool (WLST) Using WLST to Check the Value of enforce-valid-basic-auth-credentials The Administration Console does not display or log the enforce-valid-basic-auth-credentials setting. However, you can use WLST to check the value in a running server. Remember that enforce-valid-basic-auth-credentials is a domain-wide setting. The WLST session shown below demonstrates how to check the value of the enforce-valid-basic-auth-credentials flag in a sample running server. Example: wls:/offline> connect('weblogic','weblogic123','t3://localhost:7002') Connecting to t3://localhost:7002 with userid weblogic ... Successfully connected to Admin Server 'AdminS...
閱讀完整內容