This repository is private.
All pages are served over SSL and all pushing and pulling is done over SSH.
No one may fork, clone, or view it unless they are added as a member.
Every repository with this icon (
) is private.
Every repository with this icon (
) is private.
This repository is public.
Anyone may fork, clone, or view it.
Every repository with this icon () is public.
Every repository with this icon (
) is public.
Lifts Security
The Ten Reasons Why Lift Is Secure
As stated in this thread David explains Lifts security.
- Lift is resistant to XSS attacks. By default pages are composed in
XML rather than Strings. It takes the developer extra work to insert XSS
strings into output rather than having to make sure each String is properly
escaped before being cat’ed to the output.
- Lift is resistant to SQL Injection attacks because mapper and JPA do
not compose Strings into SQL statements, but rather bind well typed
parameters into prepared statements. So, if you go the normal path, you get
SQL injection resistance. If you want to manually craft a String to send as
a query, in mapper you have to “sign” the string with the time, date and a
certification that you’ve reviewed the String for SQL Injection problems.
- Lift never shells out. You can’t cause a file to be executed from a
Lift app unless your app manually uses Java’s Runtime.execute() call.
- By default, Lift creates opaque GUIDs to refer to components on the
server side (whether that’s a function to execute when a form field is
submitted, what to do on an Ajax call, etc.) By default, it’s easier to use
this callback mechanism than advertise a primary key or other sensitive
piece of information. Lift also has the KeyObfuscator which will create a
session-specific mapping of primary keys to opaque ids. Using
KeyObfuscator, you can send JSON objects to the client with stable primary
keys that are obfuscated and not usable outside the current session.
- By default Lift’s form fields contain GUIDs that are cryptographically
impossible to predict. It’s not possible to do CSRF because one does not
know the name of form fields (they are not stable).
- Lift has different production vs. development mode error messages.
There’s little information that leaks about underlying configurations, even
exceptions, in production mode.
- Lift uses the container’s session management (usually JSESSIONID) for
session management. As far as I know, Jetty, Tomcat, Glassfish are secure
in terms of the way they deal with sessions. Of course, anything that’s not
over SSL is vulnerable to a cookie stealing attack.
- Crypto key storage is a container-level issue. See #7
- See #7
- Lift’s sitemap is the best and most secure integration of UI and
page-level access. You can look at the sitemap to determine the access
control rules for a given page (it’s declarative) and it’s enforced long
before your page gets accessed.
Pages
- 1.0 -> 1.1 Possible code changes
- About: Lift Tags
- About: Maven Mini Guide
- About: Session State
- About: Snippets
- About: StreamingResponse
- About: URL Rewriting
- About: View First
- Committer Process, Tips and Tricks
- Example: CRUDify a Entity
- Example: Paginating Mapper-based snippets with sortable headers
- Example: Use TableEditor to manage simple lists
- Home
- How To: Binding View Content to Code
- How To: Configure Logging
- How To: Create a new Lift App
- How To: Fix file locking problem with jetty:run in Windows
- How To: Getting and Building from Source
- How To: Localization
- How To: Make radio lists and drop downs from Enumerations
- How To: Setting DocType
- How To: Unit test lift snippets with a logged in user
- How To: Work with one-to-many relationships
- Lifts Security
- Sites 'Powered by Lift!'
