Today I noticed that Hibernate Validator has been released for production use. This allows you to add annotations to your beans being persisted by Hibernate and Hibernate will help to enforce those data requirements. This is great in and of itself. However it appears that when combine with JBoss Seam this validation is extended end-to-end. There isn’t a lot of documentation up on the site yet but I pulled down the package and will take a look at the docs over the weekend.
Seeing as ubiquitous input validation is crucial for enforcing application security this could be a very compelling reason to use Hibernate for object persistence. Keeping junk or potentially malicious data out of the database will help to guard against a number of attacks (stored XSS, some CSRF and so on). What would be even better would be to catch the malicious data even earlier in the process – before it touches any custom code – and it appears that the Seam integration does just that.
dan _at_ denimgroup.com