Strategy for security in Wink REST Server based applications?

Brian Laskey
I was trying to determine this from the documentation, but had a question around how some aspects of security are handled by Wink or not for REST server applications.

Mostly around cross-site scripting type attacks, but if there are any thoughts around other kinds of scenarios.

Starting with cross-site scripting, since various user inputs can be sent to the server as query parameters or in the request body, does the Wink servlet itself handle either encoding / escaping of inputs, or escaping of the output in case of Exceptions being thrown by the server? Or is it up to the implementation for each Resource to properly sanitize inputs and responses, especially in case of error messages?


Thanks,
Brian