XML Validation using java for SQL Injection and script validation

Similar Messages

• How to read the data from Excel file and Store in XML file using java

  Hi All,
  I got a problem with Excel file.
  My problem is how to read the data from Excel file and Store in XML file using java excel api.
  For getting the data from Excel file what are all the steps i need to follow to get the correct result.
  Any body can send me the code (with java code ,Excel sheet) to this mail id : [email protected]
  Thanks & Regards,
  Sreenu,
  [email protected],
  india,

  If you want someone to do your work, please have the courtesy to provide payment.
  http://www.rentacoder.com

• When to use @Resource and when to use @EJB for dependency injection

  Hi,
  When do you use
  @Resource and when do you use @EJB for dependency injection?
  Thanks

  Captain obvious: Use @EJB for injection of EJBs, and @Resource for everything else.
  There was a discussion about this very topic quite recently, perhaps you can find it through the search.

• Whenever I use something which uses Java (for example, an online game) and then click the address bar, it seems that the address bar is disabled.

  Whenever I use something which uses Java (for example, an online game) and then click the address bar, it seems that the address bar is disabled. I cannot highlight or type in the address bar unless I interact with another program and then switch back to Firefox. When I interact with Java again, the same problem persists! Help!
  Sorry, I didn't know what category this should be under, but it's urgent.

  Perform the suggestions mentioned in the following articles:
  * [https://support.mozilla.com/en-US/kb/Template:clearCookiesCache/ Clear Cookies & Cache]
  * [[Troubleshooting extensions and themes]]
  Check and tell if its working.
  Some of your Firefox Plugins are out-dated
  * Update All your Firefox Plugins -> [https://www.mozilla.org/en-US/plugincheck/]
  * '''When Downloading Plugins Update setup files, Remove Checkmark from Downloading other Optional Softwares with your Plugins (e.g. Toolbars, McAfee, Google Chrome, etc.)'''

• How to write as XML file using java 1.5

  hi all,
  i am trying to create an XML file using java 1.5. I took a XML creating java file which was working with java 1.4 and ported same file into java 1.5 with changes according to the SAX and DOM implmentation in java 1.5 and tried to compile. But while writing as a file it throws error "cannot find the symbol."
  can any body help me out to solve this issue.......
  thankx in advance
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.Node;
  import org.w3c.dom.NodeList;
  import org.w3c.dom.NamedNodeMap;
  import org.xml.sax.SAXException;
  import org.xml.sax.SAXParseException;
  import org.xml.sax.DocumentHandler;
  import org.xml.sax.InputSource;
  import org.xml.sax.helpers.ParserFactory;
  import java.io.*;
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();                   
                 dbf.setNamespaceAware(true);
  DocumentBuilder db = dbf.newDocumentBuilder();                   
  Document xmlDoc =  db.newDocument();
  // this creates the xml document ref
  // parent node reference
  Element rootnd = (Element) xmlDoc.createElement("ALL_TABLES");
  // root node
  xmlDoc.appendChild(rootnd);
  Element rownd = (Element) xmlDoc.createElement("ROW");
  rootnd.appendChild(rownd);
  Element statusnd = (Element) xmlDoc.createElement("FILE_STATUS");
  rownd.appendChild(statusnd);
  statusnd.appendChild(xmlDoc.createTextNode("Y")
  FileOutputStream outpt = new FileOutputStream(outdir + "//forbranch.xml");
  Writer outf = new OutputStreamWriter(outpt, "UTF-8");
  //error is occuring here Since write method is not available in the Document class
  xmlDoc.write(outf);
  outf.flush();

  Hi,
  when I look in the JDK1.4.2 specification I don't see any write method in the Document interface.
  However, your solution is the Transformer class. There you transform your DOM tree into any output you need. Your code sould look something like this:     TransformerFactory tf = TransformerFactory.newInstance();
       // set all necessary features for your transformer -> see OutputKeys
       Transformer t = tf.newTransformer();
       t.transform(new DOMSource(xmlDoc), new StreamResult(file));Then you have your XML file stored in the file system.
  Hope it helps.

• SQL Injection and cfqueryparam

  I was told to look into <cfqueryparam> to assist in
  fighting sql-injection
  and it makes perfect sense, up until I thought of a different
  scenario...
  This tag seems great when you are dealing with numbers or
  text that you can
  restrict the number of characters, but what if you have a
  textarea that
  allows for a large amount of text to be entered? I.E. a
  search field for
  records that uses keywords.
  How you stop someone from entering damaging sql into an area
  that accepts
  this?
  Thanks for any education.
  Wally Kolcz
  MyNextPet.org
  Founder / Developer
  586.871.4126

  WebDev wrote:
  It works because <cfqueryparam ....> tells the DBMS
  that this data is a
  value NOT SQL. The DBMS will then never process it as SQL.
  When you
  write the SQL and Values straight into the code, then the
  DBMS does not
  know what is what and assumes it all must be SQL.
  An Example...
  <cfquery ....>
  SELECT aField FROM aTable WHERE aField = '#aValue#'
  </cfquery>
  With this code, ColdFusion process the entire body of the
  <cfquery...>
  tag into a string and sends that entire string to the DBMS as
  SQL. The
  DBMS then processes what it was given. If somebody can modify
  the
  aValue variable to change the SQL string - that is what is
  processed.
  <cfquery ...>
  SELECT aField FROM aTable WHERE aField = <cfqueryParam
  value="#aValue#"...>
  </cfquery>
  With this code ColdFusion process the SQL and the queryParam
  as separate
  things. It sends the DBMS the SQL with parameters and a list
  of values
  to be used in those parameters. The DBMS knows the parameters
  are not
  SQL and will not process it as SQL and if the parameter
  contains SQL it
  will just be used as a value and not parsed.
  FYI... That is how <cfqueryparam...> can improve
  performance. By
  knowing what parts of the SQL are variables, it can cache the
  SQL and
  just use different variables when they are passed to the
  DBMS.
  HTH
  Ian

• SQL Injections and XSS - Escaping Special Characters

  Hi, hope someone can help in regards to security and SQL Injections and XSS.
  We are using APEX 4.0.2 on Oracle 11.2.0.2.
  1. It seems the special characters we have entered into normal 'Text Items' 'Text Areas' etc are not being escaped (ie <,>,&, '). If I enter them into the field (ie Surname) they are saved as is into session state and the database - no escaping. Am I missing something such as an environment setting as I thought the "smart" oracle escaping rules would cater for this.
  Surely I don't have to manually do each of then.
  Just to confirm, am I looking in the correct places to assess if the characters are escaped or not - ie should they show as '&amp;&lt;&gt;' in session state and/or the database ?
  2. Also, for the Oracle procedures such as '‘wwv_flow.accept’ , ‘wwv_flow.show’ , 'wwv_flow_utilities.show_as_popup_calendar' - do these escape special characters. If not, then they must be vulnerable to SQL Injections attacks.
  Thx
  Nigel

  Recx Ltd wrote:
  Just to pitch in, escaping values internally (either in the database or session state) is extremely problematic. Data searches, string comparison, reporting and double escaping are all areas which suffer badly when you do this.
  Stripping characters on input can also cause problems if not considered within the context of the application. Names such as "O'Niel", statistical output such as "n < 300", fields containing deliberate HTML markup can be annoying to debug. In certain situations stripping is totally ineffective and may still lead to cross-site scripting.
  Apex applications that share the database with other applications will also be affected.
  The database should contain 'raw' unfettered data and output should be escaped properly, as Joel said, at render time. Either with Apex attributes or using PLSQL functions such as htf.escape_sc() as and when required.Do not needlessly resurrect old threads. After a couple of months watches expire and the original posters are not alerted to the presence of your follow-up.
  Shameless plug: If you are in the game of needing to produce secure Apex code, you should get in touch.This crosses the line into spam: it violates the OTN Terms of Use&mdash;see 6(j).
  Promotional posts like this are liable to be removed by the moderators.

• XML Reading Using Java Servlet

  I need some help in reading xml file using java servlet.
  May i have some sample codes to read xml files?
  I would really appreciate your help. Thanks!!!

  This grabs a url and parses it with a servlet.
  URL befreeUrl = new URL(urlString);
  uri = new URI(urlString);
  URLConnection yc = befreeUrl.openConnection();
  BufferedReader in = new BufferedReader(new InputStreamReader(yc.getInputStream()));
  SAXParserFactory factory = SAXParserFactory.newInstance();
  SAXParser parser = factory.newSAXParser();
  factory.setValidating(true);
  out = new OutputStreamWriter(System.out, "UTF8");
  DefaultHandler handler = new BeFreeRequestSAXParser(); /* custom handler class */;
  parser.parse(uri.toString(), handler);
  in.close();

• Can I use Java for PI database?

  Does anyone ever used Java for PI dababase? Is it possible?
  I know PI has an ODBC driver including core SQL conforming to
  Micro$oft standard. Does it make the JDBC-ODBC bridge
  solution possible?
  Thanks a lot.
  (PI database is the database developed by OSISOFT for plant information database.)

  Thank you for your reply.
  We haven't set up our PI database yet. I am just investigate the possiblity so that we can decide which direction to go. VB or Java basically.
  Thanks again.

• ACE for sql injection filtering

  I have an ACE module in a Cat6500, that is load balancing to some HTTP servers.
  occasionally there are SQL injection attacks towards the http servers.
  I know the ACE can filter based on http strings, but
  If you can provide me with some basic templates on what to filter out and how to format the string
  to stop SQL injection attacks, that would be of great help.
  Cheers.

  There are various signatures which are availbale for configuration for sql injection attacks. The signatures are some times application specific and it may not fit other application. Following links may help you
  http://www.cisco.com/en/US/products/ps7314/products_white_paper0900aecd8068dcdb.shtml
  http://www.cisco.com/en/US/products/ps7314/products_white_paper0900aecd80661ca6.shtml

• Merging 2 message history xml files using java

  hi., i'm new to xml programming..
  well..., i got homework bout it..., and got a lot of problems to write it..
  could you help me a favor??
  I need to write a homework bout merging 2 MSN mssg history files (xml files) using java.
  At least need to maintain their date, time, sender, receiver, and information(sayings)....and are ordered using time..
  can u help me??

  Well, show us what you've got and where you are having difficulty.

• Valid to date for BOM Header and Item

  Hello everyone,
  I have been searching for "valid-to" date for BOM header and Items since several days but no luck ..
  I know we can see it using transactions cs11/cs03 etc. But i wish to know the table where they are stored. As I need to extract them to BW.
  Any help will be highly appreciated.
  Thanks in advance!
  Regards,
  Anuj

  Hi Anuj
  In table STPO,the field AEDAT gets updated only when a change number is used,otherwise the valid to date will be shown nil here.
  And also ref the link
  Problem finding Valid To Date or Change number to on BOM
  pavan

• PLEASE help!! I use Outlook for my email and the Mail App Icon in my dock was also storing all my emails. So, I tried to delete ONLY the emails in the Mail App but somehow (under Preferences maybe?) I also deleted all my emails in my Outlook inbox.

  PLEASE help!! I use Outlook for my email and the Mail App Icon that is in my dock, that I know nothing about, was also storing all my emails. So, I tried to delete ONLY the emails in the Mail App but somehow (under Preferences maybe?) I also deleted ALL my OUTLOOK emails in my inbox.  Can someone please please tell me if there is a way to get my Outlook inbox emails back OR EVEN the emails that were in my Mail app - because even tho I never use the Mail app, at least the emails would be there.
  When I was trying to delete the emails in my inbox for the Mail app - I followed THESE directions.  It did in fact clear my inbox for the Mail app.  But then I went to log on to my Outlook account and EVERY SINGLE EMAIL was gone.  And not in the Deleted box.  Just gone.  Here are the directions I followed that screwed everything up.  Please help.
  Top menu bar, Mail > Preferences > Accounts > Mailbox Behaviors.
  Uncheck "Store deleted messages on the server".
  At the drop list for "Permanently erase deleted messages when", choose "Quitting Mail".
  Next...
  Top menu bar, Mail > Preferences > General.
  At "When searching all mailboxes, include results from", uncheck "Trash".
  Select All = command A

  i found out my prob!
  here is what you do.
  go to the "system preferences" on your dock.
  click "software updates".
  click "installed software"
  if it shows something about a recent update about "EFI UPDATE, FIRMWARE, THUNDERBOLT" or anything like that, exit out of it.
  go to mail.
  click "mail" at the top.
  click "preferences...".
  find the account you are having trouble with, once you do, make sure its highlighted, then click the "-" at the bottom of the window (this will only effect that mail account, it will not effect your ical weather or not its synced thought that email account)
  hit the "+" (right next to the "-") and add your accout back!
  its something with that update that effected mail, i hope this works out for you, if not reply back

• I just installed the Lion operating system, basically to upgrade my iPhone. I didn't realize that my Microsoft Office 2004 application would no longer work. I have been using Word for my writing and I receive most of my emails with Word attachments. I hav

  I just installed the Lion operating system, basically to upgrade my iPhone. I didn't realize that my Microsoft Office 2004 application would no longer work. I have been using Word for my writing and I receive most of my emails with Word attachments. I have been using Apple products for years, always touting their reliability and customer service. I am not a techie, I just want to be able to do what I do on the computer and Apple always fulfilled my needs. Now I am told because of some operating system gobbledygook, I have to go out and purchase new software to use Word. This is despicable. I see no particular benefit to using Lion, but I do see a lot of detriments. Apple now seems to have turned into Microsoft, making software obsolete so they can make more money and to **** with the customer. You can be sure that my next computer will be a PC. I have completely lost confidence in Apple.

  I seem to never tire of saying this. It was for Apple when they first announced 10.7 to disclose this. Yes, it was widely reported -- or rather, rumored -- but not by Apple. And many people who have gotten caught by this assumed that Apple itself would have told them beforehand about the loss of this very important feature which they had come to rely on. As far as I know, not even in fine print, does this appear anywhere on the Lion announcement or any of its links.
  I am not saying Apple had to continue Rosetta in Lion, or forever, just that if it was going to be dropped, it should have been made known.
  As relative "insiders" we should not forget that many people don't have the time, habit or interest to do this kind of research. I think it is a breach of trust that Apple has never directly made this announcement or given people the opportunity to decide beforehand if giving up their PPC apps for a new OS is a worthwhile tradeoff.

• I have a 1TB external hard drive (NTFS) that has all my files from my old PC, how do I create a partition on it for HFS  without formatting it so that I can use it for Time Machine and the like?

  I have a 1TB external hard drive (NTFS) that has all my files from my old PC, how do I create a partition on it for HFS  without formatting it so that I can use it for Time Machine and the like?

  There aren't any 3rd party apps or anything. I use PC's and Mac's at school and the only computer connected to a printer at my house is a PC so i need access to both