Sanitize json input to a java server

Posted by morgancodes on Stack Overflow See other posts from Stack Overflow or by morgancodes
Published on 2010-04-02T16:46:29Z Indexed on 2010/04/04 23:33 UTC
Read the original article Hit count: 284

Filed under:

java

|

JSON

|

security

I'm using json to pass data between the browser and a java server.

I'm using Json-lib to convert between java objects and json.

I'd like to strip out susupicious looking stuff (i.e "doSomethingNasty().) from the user input while converting from json to java.

I can imagine several points at which I could do this:

I could examine the raw json string and strip out funny-looking stuff
I could look for a way to intercept every json value on its way into the java object, and look for funny stuff there.
I could traverse my new java objects immediately after reconstitution from json, look for any fields that are Strings, and stripp stuff out there.

What's the best approach? Are there any technologies built for this this task that I tack tack on to what I have already?

© Stack Overflow or respective owner

Related posts about java

Tomcat 6: Access Control Exception?

as seen on Server Fault - Search for 'Server Fault'
I'm trying to setup a tomcat6 server, and I'm trying to match another setup someone else established. However, my deployment (default Ubuntu install) uses a policy.d/ directory structure, and the established server just uses a catalina.policy file. I've tried setting every entry in policy.d to match… >>> More
Problem in creation MDB Queue connection at Jboss StartUp

as seen on Stack Overflow - Search for 'Stack Overflow'
I am not able to create a Queue connection in JBOSS4.2.3GA Version & Java1.5, as I am using MDB as per the below details. I am putting this MDB in a jar file(named utsJar.jar) and copied it in deploy folder of JBOSS, In the test env. this MDB works well but in another env. [ env settings and… >>> More
failing to establish connection between Postgres db and gwt

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am using Postgres and gwt 2.0 for one of my applications. I am facing problem connecting to the database. When I try to connect it gives "ClassNotFoundException". Here is what I get when I try to connect to database: java.lang.ClassNotFoundException: org.postgresql.Driver at java.net… >>> More
failing to establish connection between postgre db and gwt

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, For i am using postgre and gwt 2.0 for one of my applications. I am facing problem connecting to the database. When i try to connect it gives "ClassNotFoundException". Here is what i get when i try to connect to database: java.lang.ClassNotFoundException: org.postgresql.Driver at java.net… >>> More
Migration and deployement problems JBoss 4.2.2.GA to JBoss 6.0.0.M2

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to migrate an application running on JBoss 4.2.2.GA to JBoss 6.0.0.M2 I give you some log to explain my problem : boot.log : 2010-03-16 09:59:29,406 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (Thread-2) Failed to load profile: Summary of incomplete deployments… >>> More

Related posts about JSON

Using JSON.NET for dynamic JSON parsing

as seen on West-Wind - Search for 'West-Wind'
With the release of ASP.NET Web API as part of .NET 4.5 and MVC 4.0, JSON.NET has effectively pushed out the .NET native serializers to become the default serializer for Web API. JSON.NET is vastly more flexible than the built in DataContractJsonSerializer or the older JavaScript serializer. The DataContractSerializer… >>> More
Azure Mobile Services: what files does it consist of?

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Azure Mobile Services is a platform that provides a small set of functionality consisting of authentication, custom data tables, custom API’s, scheduling scripts and push notifications to be used as the back-end of a mobile application or if you want, any application or web site. As described in my… >>> More
Retrieving Json Array

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am trying to retrieve the values from the following url: http://rentopoly.com/ajax.php?query=Bo. I want to get the values of all the suggestions to be displayed in a list view one by one. This is how i want to do... public class AlertsAdd { public ArrayList<JSONObject> retrieveJSONArray(String… >>> More
Deserializing JSON data to C# using JSON.NET

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm relatively new to working with C# and JSON data and am seeking guidance. I'm using C# 3.0, with .NET3.5SP1, and JSON.NET 3.5r6. I have a defined C# class that I need to populate from a JSON structure. However, not every JSON structure for an entry that is retrieved from the web service contains… >>> More
Parsing nested JSON objects with JSON Framework for Objective-C

as seen on Stack Overflow - Search for 'Stack Overflow'
I have the following JSON object: { "response": { "status": 200 }, "messages": [ { "message": { "user": "value" "pass": "value", "url": "value" } ] } } I am using JSON-Framework (also tried JSON Touch) to parse through this and… >>> More