Hibernate Validator Released – End To End Validation Made Easy

Today I noticed that Hibernate Validator has been released for production use.  This allows you to add annotations to your beans being persisted by Hibernate and Hibernate will help to enforce those data requirements.  This is great in and of itself.  However it appears that when combine with JBoss Seam this validation is extended end-to-end.  There isn’t a lot of documentation up on the site yet but I pulled down the package and will take a look at the docs over the weekend.

Seeing as ubiquitous input validation is crucial for enforcing application security this could be a very compelling reason to use Hibernate for object persistence.  Keeping junk or potentially malicious data out of the database will help to guard against a number of attacks (stored XSS, some CSRF and so on).  What would be even better would be to catch the malicious data even earlier in the process – before it touches any custom code – and it appears that the Seam integration does just that.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *