Articles
Securing Your Web Application Requests
One often unanticipated vector for security attacks on web applications is the possibility that a user could hack the GET or POST request to send unanticipated or invalid data to the application. In this article, Eric Spiegelberg shows how to use JSTL's URL encoding and a servlet filter to obfuscate or even encode parameters in each direction to thwart parameter-hacking. May. 20, 2008
Ajax Form Validation Using Spring and DWR, Revised
In a previous article, Eric Spiegelberg offered a design for using DWR to allow an Ajax-based web application to provide server-side validation of client-side input. After nearly a year in production, he's back with a cleaner, more efficient design. Dec. 4, 2007
Ajax Form Validation Using Spring and DWR
Validating user input in web apps doesn't lend itself to easy solutions: you don't want client-side validation to require you to duplicate your effort, but server-side validations may run long after the invalid input is entered. Eric Spiegelberg has an approach that uses Ajax, via Direct Web Remoting, to let your server-side validation code correct client-side entries on the fly. Feb. 8, 2007
Log4Ajax
AJAX developers, like all client-side JavaScripters, know that alert is their friend at development time, but as a logging tool, it's severely limited. Eric Spiegelberg offers more robust ideas for logging on the client side and logging from the client to the server. Dec. 13, 2005