001 // Copyright (c) 2001 Hursh Jain (http://www.mollypages.org) 002 // The Molly framework is freely distributable under the terms of an 003 // MIT-style license. For details, see the molly pages web site at: 004 // http://www.mollypages.org/. Use, modify, have fun ! 005 006 package fc.web.forms; 007 008 import javax.servlet.*; 009 import javax.servlet.http.*; 010 import java.io.*; 011 import java.util.*; 012 import java.sql.*; 013 014 import fc.jdbc.*; 015 import fc.io.*; 016 import fc.util.*; 017 018 /** 019 This class handles form submit data that may have been hacked/modified 020 by the client. By default, this class logs a warning. Subclasses should 021 override the {@link #handle} method as needed. 022 023 @author hursh jain 024 **/ 025 public class SubmitHackedHandler 026 { 027 protected Log log; 028 029 public SubmitHackedHandler(Form form) 030 { 031 this.log = form.log; 032 } 033 034 /** 035 This method should handle submit data that is hacked (different than 036 the options/values allowed by the html form). Possible actions are 037 to log an error, email the developers, identify compromised machines etc. 038 <p> 039 If this method throws a {@link SubmitHackedException}, then further 040 form processing will stop and the invoking page/servlet can handle the 041 exception appropriately. 042 <p> 043 The default implementation simply logs the error and then returns. 044 */ 045 public void handle(HttpServletRequest req, String msg) throws SubmitHackedException 046 { 047 log.warn("HACKLERT: IP=", req.getRemoteAddr(), ": ", msg); 048 } 049 050 } //SubmitHackedHandler