
SQL Injection, CSS attacks, Script attacks in Java or J2EE web applications

To prevent SQL injection, CSS attacks, and script attacks in Java J2EE-based web applications, we had to add a filter which
will inspect each and every field that is submitted to the application.
But be careful, as sometimes this filter may change the values of some inputs.
E.g.: In our test app, when we added this filter, all quotes, say in a name, were replaced by their HTML equivalent.
The reason is that there can be some fields, like a name, say Ram’S (with an apostrophe). The apostrophe here would be replaced
with its HTML equivalent. So one way is to not allow the user to enter it (by having validation in the UI), or,
if you still need to allow it, then exclude that field from the filter.

Viewing and modifying the MySQL database character set

Viewing the character set settings

mysql> show variables like 'collation_%';
+----------------------+-----------------+
| Variable_name        | Value           |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database   | utf8_general_ci |
| collation_server     | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.02 sec)
