Liferay security APIs List - LR 7.0
HtmlUtil - to prevent XSS
HtmlUtil#escapeXPath - prevent XPath injection
AuthTokenUtil#checkCSRFToken - check CSRF tokens
FileUtil#createTempFile* - prevent file system related issues
PortalUtil#escapeRedirect - prevent open redirects
StringUtil#random* - insecure (not cryptographically strong) but random enough strings
PwdGenerator#getPassword, SecureRandomUtil - cryptographically strong pseudorandom output, optimized for performance
PasswordEncryptorUtil - verification and creation of strong password hashes, configured to use PBKDF2 by default
DigesterUtil - SHA-1 hashes, nowadays usable at most for file checksums
source - https://dev.liferay.com/discover/deployment/-/knowledge_base/7-0/liferay-portal-security-overview#secure-development-recommendations