Perhaps this is more appropriate for the JSR311 mailing list so forgive me for posting this here.
I was reading a new IBM article on injection attacks today and it got me to thinking about how I will perform validation on my JSR311 application. I looked at the spec and didn't see parameter validation as a goal or non goal. I was curious on what are peoples opinions on this? Should parameter validation be application specific, handled as an extended feature of the JSR311 implementation, or be incorporated into the JSR311 spec like validation is in the JSF spec?
____________________________________________________________________________________Ready for the edge of your seat?
Check out tonight's top picks on Yahoo! TV.
http://tv.yahoo.com/