Method and system for stateless validation
Abstract
A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.
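The round trip described in the abstract can be sketched as follows. This is an added example, not code from the patent: the function names, the JSON rule format, the `form` binding and the demo key are assumptions, and an HMAC stands in for the digital signature the abstract mentions.

```python
import hashlib
import hmac
import json
import re

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def build_response(form_id, rules):
    """Server: attach the validation rules and a MAC over their canonical encoding."""
    payload = json.dumps({"form": form_id, "rules": rules},
                         sort_keys=True, separators=(",", ":"))
    return {"rules": payload, "sig": _mac(payload)}


def validate_request(form_id, params, rules_blob, sig):
    """Server: authenticate the echoed rules, then apply them to the parameters."""
    # The client is untrusted, so the rules are only used after the MAC checks out.
    if not hmac.compare_digest(_mac(rules_blob), sig):
        return False, "rule signature mismatch"
    envelope = json.loads(rules_blob)
    # Bind rules to the form they were issued for, so a valid rule set
    # cannot be replayed against a different endpoint.
    if envelope["form"] != form_id:
        return False, "rules issued for a different form"
    rules = envelope["rules"]
    extra = sorted(set(params) - set(rules))
    if extra:
        return False, "unexpected parameter: " + extra[0]
    for name, rule in rules.items():
        value = params.get(name)
        if not isinstance(value, str):
            return False, "missing parameter: " + name
        if len(value) > rule["maxlen"] or not re.fullmatch(rule["pattern"], value):
            return False, "constraint violated: " + name
    return True, "ok"


if __name__ == "__main__":
    resp = build_response("order", {"qty": {"maxlen": 3, "pattern": "[0-9]+"}})
    print(validate_request("order", {"qty": "12"}, resp["rules"], resp["sig"]))
    loosened = resp["rules"].replace('"maxlen":3', '"maxlen":99')
    print(validate_request("order", {"qty": "1234"}, loosened, resp["sig"]))
```

Because the server keeps no per-client state, the signed rules remain valid until the key changes; a deployment that needs expiry would add a timestamp inside the signed payload.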
13 Claims
1. A method of validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising the steps of:
a) building a response with a validation rule, the response having a characteristic indicative of a constraint to be applied to subsequent request data, the validation rule including the constraint;
b) receiving the response by the untrusted client;
c) building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
d) sending the subsequent request to the server;
e) receiving the subsequent request at the server; and
f) validating the subsequent request data using the validation rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising:
means for building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
means for receiving the response by the untrusted client;
means for building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
means for sending the subsequent request to the server;
means for receiving the subsequent request at the server; and
means for validating the subsequent request data using the validation rule.
13. A storage medium readable by a computer encoding a computer program for execution by the computer to carry out a method for validating request data transmitted between an untrusted client and a server based on characteristics of a previous response comprising, the computer program comprising:
code means for building a response with a validation rule, the response having a characteristic indicative of constraints to be applied to subsequent request data, the validation rule including the constraints;
code means for receiving the response by the untrusted client;
code means for building the subsequent request, the subsequent request including the subsequent request data and the validation rule;
code means for sending the subsequent request to the server;
code means for receiving the subsequent request at the server; and
code means for validating the subsequent request data using the validation rule.
Specification