001    // Copyright (c) 2001 Hursh Jain (http://www.mollypages.org) 
002    // The Molly framework is freely distributable under the terms of an
003    // MIT-style license. For details, see the molly pages web site at:
004    // http://www.mollypages.org/. Use, modify, have fun !
005    
006    package fc.web.forms;
007    
008    import javax.servlet.*;
009    import javax.servlet.http.*;
010    import java.io.*;
011    import java.util.*;
012    import java.sql.*;
013    
014    import fc.jdbc.*;
015    import fc.io.*;
016    import fc.util.*;
017    
018    /** 
019    This class handles form submit data that may have been hacked/modified
020    by the client. By default, this class logs a warning. Subclasses should
021    override the {@link #handle} method as needed.
022    
023    @author hursh jain
024    **/
025    public class SubmitHackedHandler
026    {
027    protected Log  log;
028    
029    public SubmitHackedHandler(Form form)
030      {
031      this.log = form.log;
032      }
033      
034    /**
035    This method should handle submit data that is hacked (different than
036    the options/values allowed by the html form). Possible actions are
037    to log an error, email the developers, identify compromised machines etc.
038    <p>
039    If this method throws a {@link SubmitHackedException}, then further
040    form processing will stop and the invoking page/servlet can handle the
041    exception appropriately.
042    <p>
043    The default implementation simply logs the error and then returns.
044    */
045    public void handle(HttpServletRequest req, String msg) throws SubmitHackedException
046      {
047      log.warn("HACKLERT: IP=", req.getRemoteAddr(), ": ", msg);
048      }
049      
050    }          //SubmitHackedHandler