Filter - Operation

+ NASA Homepage
+ NASA en Español
+ Contact NASA

	Search the Engineering Node:

Planetary Data System - Engineering Node Banner

Last Published: 2014-03-30 | Version: 0.1.0

Dev Home | PDS4 | Portal | Filter

Software Documentation

About Filter
Installation
Operation

Download

Project Documentation

Operation

This document describes how to operate the Filter software contained in the filter package. The Filter software is a library for filtering parameter values passed into web applications. There is no direct interface for interacting with the software. Once it has been installed in the Java Application Server and configured for the desired scope, it will filter all requests for parameter values. The software accomplishes this by overriding the following methods of the HttpServletRequest class:

getHeader()
getParameter()
getParameterValues()

The filter works by striping out known strings (e.g., <script>, etc.) from user-submitted values associated with Cross-Site Scripting (XSS). It also looks for other characters (e.g., $, @, etc.) that might facilitate Blind SQL Injection, and just blanks out the value if any of these are found.

+ Freedom of Information Act
+ NASA 2003 Strategic Plan
+ NASA Privacy Statement, Disclaimer, and
Accessiblity Certification
+ Copyright/Image Use Policy

Curator: Emily.S.Law
Webmaster: Maryia Sauchanka-Davis
NASA Official: William Knopf
Last Updated:
+ Comments and Questions