最近公司的项目在进行国家某行业的安全检测,涉及到项目安全渗透等方面的问题;
参与项目的渗透等改造,既是机遇也是挑战,今后对于项目安全等方面会思考更多;
下面说说form表单对象提交:为了防范抓包后篡改请求参数,后台在接收数据时做类型转换校验(服务端类型校验只能拒绝被篡改的非法值,并不能阻止抓包本身,传输过程仍需依靠HTTPS保护);下面是一个简单的DEMO思路:
1、数据库对象bean,属性与数据库中字段相同,有Integer,Boolean,Double等类型
2、form表单的对象formbean,所有属性都是String
3、将formbean的值赋值到bean对象,在赋值过程中对数据的安全性(类型转化的问题)进行判断,
form对象
1 package february.week1.safe; 2 /** 3 * Description: form表单的数据类型 4 * @Package february.week1.safe 5 * @author BIQI IS BEST 6 * @date 2018年2月5日 上午10:38:33 7 */ 8 public class PersonForm { 9 10 private String name; 11 12 private String sex; 13 14 private String age; 15 16 private String phoneNumber; 17 18 private String salary; 19 20 public PersonForm(String name, String sex, String age, String phoneNumber, String salary) { 21 super(); 22 this.name = name; 23 this.sex = sex; 24 this.age = age; 25 this.phoneNumber = phoneNumber; 26 this.salary = salary; 27 } 28 29 public PersonForm() { 30 super(); 31 } 32 33 34 public String getName() { 35 return name; 36 } 37 38 public void setName(String name) { 39 this.name = name; 40 } 41 42 public String getSex() { 43 return sex; 44 } 45 46 public void setSex(String sex) { 47 this.sex = sex; 48 } 49 50 public String getAge() { 51 return age; 52 } 53 54 public void setAge(String age) { 55 this.age = age; 56 } 57 58 public String getPhoneNumber() { 59 return phoneNumber; 60 } 61 62 public void setPhoneNumber(String phoneNumber) { 63 this.phoneNumber = phoneNumber; 64 } 65 66 public String getSalary() { 67 return salary; 68 } 69 70 public void setSalary(String salary) { 71 this.salary = salary; 72 } 73 74 @Override 75 public String toString() { 76 return "PersonForm [name=" + name + ", sex=" + sex + ", age=" + age + ", phoneNumber=" + phoneNumber 77 + ", salary=" + salary + "]"; 78 } 83 84 }