Best Practices

Security Best Practices

Essential security practices for Oorian applications.

M. WarbleMay 14, 20261 min read
Security Best Practices

Security is critical for web applications. Here are best practices specific to Oorian development.

Input Validation

Always validate user input on the server:

String email = params.getParameterValue("email");
if (!isValidEmail(email))
{
    throw new ValidationException("Invalid email");
}

Output Encoding

Oorian automatically encodes output, preventing XSS. Don't bypass this with raw HTML unless necessary.

Authentication

Implement proper session management. Check authentication in page constructors or base classes.

Authorization

Verify permissions before actions:

if (!currentUser.canDelete(item))
{
    throw new UnauthorizedException();
}

HTTPS

Always use HTTPS in production. Configure your server to redirect HTTP to HTTPS.

Conclusion

Follow standard web security practices. Oorian's server-side model means most logic runs where you control it.

Share this article

Related Articles

Deep Dive

Logging and Error Handling in Oorian: A Complete Guide

February 24, 2026
Architecture

Event Handling in Oorian

February 19, 2026
Deep Dive

Oorian Add-Ons: Server-Side Building Blocks for Real Applications

February 17, 2026