跨站脚本就是在url上带上恶意的js关键字然后脚本注入了,跨站伪造用户请求就是没有经过登陆,用超链接或者直接url上敲地址进入系统,类似于sql注入这些都是安全漏洞。
1、参数化查询预处理,如java使用PreparedStatement()处理变量。
一般性建议:转义或过滤客户端提交的危险字符,客户端提交方式包含GET、POST、COOKIE、User-Agent、Referer、Accept-Language等,其中危险字符如下: 开发语言的建议:
方案一、存在漏洞的页面加验证码或手机短信验证 request.getSession().invalidate() ; //清空session if (request.getCookies()!=null) { Cookie cookie = request.getCookies()[0]; // 获取cookie cookie.setMaxAge(0); // 让cookie过期 }"
[1]严格判断上传文件的类型,设置上传文件白名单,只允许上传指定类型的文件。
"升级Jquery到1.7版本以上,或在js中修改如下行,quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/
修改web.xml,增加如下配置 <login-config> <!-- Authorization setting for SSL --> <auth-method>CLIENT-CERT</auth-method> <realm-name>Client Cert Users-only Area</realm-name> <auth-method>BASIC</auth-method> </login-config> <security-constraint> <!-- Authorization setting for SSL --> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/oa/login.jsp</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <!-- 禁止不安全的http方法 --> <security-constraint> <web-resource-collection> <web-resource-name>fortune</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint></auth-constraint> </security-constraint>
对每个错误的登录尝试发出相同的错误消息,不管是哪个字段发生错误,特别是用户名或密码字段错误。
以下是我自己写的一份拦截器,里面可以实现对http请求的参数拦截,解决跨站脚本注入: package com.asiainfo.aiga.common.filter; import java.io.IOException; import java.util.Enumeration; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; public class XSSCheckFilter implements Filter { private FilterConfig config; private static String errorPath;//出错跳转的目的地 private static String[] excludePaths;//不进行拦截的url private static String[] safeless = { "<script", //需要拦截的JS字符关键字 "</script", "<iframe", "</iframe", "<frame", "</frame", "set-cookie", "%3cscript", "%3c/script", "%3ciframe", "%3c/iframe", "%3cframe", "%3c/frame", "src=\"javascript:", "<body", "</body", "%3cbody", "%3c/body", "alert", "script", "document", "document.title", "document.write", "eval", "prompt", "onreadystatechange", "javascript", "msgbox" //"<", //">", //"</", //"/>", //"%3c", //"%3e", //"%3c/", //"/%3e" }; public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException { Enumeration params = req.getParameterNames(); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; boolean isSafe = true; String requestUrl = request.getRequestURI(); if (isSafe(requestUrl)) { requestUrl = requestUrl.substring(requestUrl.indexOf("/")); if (!excludeUrl(requestUrl)) { while (params.hasMoreElements()) { String cache = req.getParameter((String) params.nextElement()); if (StringUtils.isNotBlank(cache)) { if (!isSafe(cache)) { isSafe = false; break; } } } } } else { isSafe = false; } if (!isSafe) { request.setAttribute("msg", "There is some illegal characters in paramters."); request.getRequestDispatcher(errorPath).forward(request, response); return; } else { String referer = request.getHeader("referer"); if (!("/index.jsp".equals(request.getServletPath()) || "/refresh.jsp".equals(request.getServletPath()))) { if(request.getServletPath()!=null&&request.getServletPath().endsWith(".action")){ }else if (referer == null || !referer.contains(request.getServerName())) { System.out.println("跨站请求伪造"); //转到一个错误的图片 request.getRequestDispatcher(errorPath).forward(request, response); } } } filterChain.doFilter(req, resp); } private static boolean isSafe(String str) { if (StringUtils.isNotBlank(str)) { for (String s : safeless) { String[] strs = str.split("/"); for (String urlStr : strs) { if (s.equals(urlStr.toLowerCase())) { return false; } } } } return true; } private boolean excludeUrl(String url) { if (excludePaths != null && excludePaths.length > 0) { for (String path : excludePaths) { if (url.toLowerCase().equals(path)) { return true; } } } return false; } public void destroy() { } public void init(FilterConfig config) throws ServletException { this.config = config; errorPath = config.getInitParameter("errorPath"); String excludePath = config.getInitParameter("excludePaths"); if (StringUtils.isNotBlank(excludePath)) { excludePaths = excludePath.split(","); } } }
|
|