I am working with a URL which takes in the username for a GET call. Ex: https://example.com/details/< username >

However, if the username contains ".bat" or ".exe" (ex: mm.baty - https://example.com/details/mm.baty), there might be some security issues.

What are some suggestions for sending the username through the URL, without compromising the security issues?

Thank you for your help!

roshnet
manvitha C

1 Answer

Assuming you're using query parameters (say /?username=userone), anyone can modify the value and enter some malicious values as the parameter.

You can implement a regex pattern that checks the params for potentially malicious values, and deal with the response accordingly.

roshnet
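One way to implement the regex check suggested in the answer, applied to the `/details/<username>` route from the question. This is an added example, not code from the original posts; the username policy (1 to 32 characters, letters, digits, `.`, `_`, `-`), the function names and the sample URLs are assumptions made for illustration.

```python
import re
from typing import Optional
from urllib.parse import quote, unquote, urlsplit

# Assumed policy (not from the posts): 1-32 chars from [A-Za-z0-9._-],
# starting and ending with a letter or digit.
USERNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]{0,30}[A-Za-z0-9])?")
PREFIX = "/details/"  # route taken from the question


def build_details_url(username: str) -> str:
    """Client side: percent-encode the username as one path segment."""
    # safe="" also encodes "/", so the value cannot add path segments.
    return "https://example.com" + PREFIX + quote(username, safe="")


def username_from_url(url: str) -> Optional[str]:
    """Server side: return the validated username, or None to reject."""
    path = urlsplit(url).path  # query string and fragment are dropped
    if not path.startswith(PREFIX):
        return None
    raw = path[len(PREFIX):]
    if "/" in raw:  # more than one segment after the prefix
        return None
    name = unquote(raw)  # decode exactly once, then validate the result
    # fullmatch: the whole value must fit the allow-list, not just a prefix.
    if USERNAME_RE.fullmatch(name) is None:
        return None
    return name


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the posts.
    samples = [
        "https://example.com/details/mm.baty",        # accepted under the policy
        "https://example.com/details/..%2F..%2Fetc",  # decodes to "../../etc"
        "https://example.com/details/user%0Aone",     # decodes to a newline
        "https://example.com/details/a%252eb",        # double-encoded "."
    ]
    for url in samples:
        print(url, "->", username_from_url(url))
```

A `None` result would map to an HTTP 400 response in a real handler; the validated name should still be passed to storage or templates as data (parameterised queries, output encoding) rather than concatenated into commands or file paths.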