Security is critical for web applications. Here are best practices specific to Oorian development.
Input Validation
Always validate user input on the server. Client-side checks only improve the user experience; an attacker sends crafted requests directly and never runs them. Validate against what a good value looks like (an allowlist of shape, length and character set) rather than searching for known-bad strings, and do it before the value is stored, echoed back or used in a query:
// Read the raw parameter and reject anything that does not match the
// expected shape; only the validated value should reach the rest of the page.
String email = params.getParameterValue("email");
if (!isValidEmail(email))
{
    // Fail closed: the request stops here, no partial processing.
    throw new ValidationException("Invalid email");
}
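A complete version of that check, as an added example rather than Oorian's own code. The `ParameterAccessor` interface, the `ValidationException` class and `requireEmail` are stand-ins I made up so the file compiles on its own; the regex is a coarse shape check with a length cap and no nested quantifiers, not an RFC 5322 parser.

```java
// Added example, not Oorian's own code: server-side validation of one
// request parameter. ParameterAccessor is a stand-in (assumption) for
// whatever object Oorian hands the page.
import java.util.regex.Pattern;

public class EmailValidation {

    // Thrown when a parameter fails validation (hypothetical name).
    public static class ValidationException extends RuntimeException {
        public ValidationException(String msg) { super(msg); }
    }

    // Stand-in for the framework's parameter source (assumption).
    public interface ParameterAccessor {
        String getParameterValue(String name);
    }

    // Length bound checked first, so an attacker cannot make the
    // validator itself expensive with a huge input.
    private static final int MAX_EMAIL_LENGTH = 254;

    // Deliberately simple local@domain shape with no nested quantifiers,
    // so it cannot be driven into catastrophic backtracking.
    private static final Pattern EMAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+$");

    public static boolean isValidEmail(String email) {
        if (email == null || email.length() > MAX_EMAIL_LENGTH) {
            return false;
        }
        // Control characters (CR/LF in particular) must never reach a
        // mail header or a log line.
        for (int i = 0; i < email.length(); i++) {
            char c = email.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return EMAIL.matcher(email).matches();
    }

    // Reads, trims and validates the parameter and returns the clean
    // value, so callers only ever see validated data.
    public static String requireEmail(ParameterAccessor params) {
        String raw = params.getParameterValue("email");
        if (raw == null) {
            throw new ValidationException("email is required");
        }
        String email = raw.trim();
        if (!isValidEmail(email)) {
            // Do not echo the rejected value in the message: error text
            // tends to end up in logs and on the page.
            throw new ValidationException("Invalid email");
        }
        return email;
    }

    public static void main(String[] args) {
        // Constructed samples: two valid, three attacker-shaped.
        String[] samples = {
            "alice@example.com",
            "bob@mail.example.co.uk",
            "not-an-email",
            "evil@example.com\r\nBcc: victim@example.org",
            "a".repeat(300) + "@example.com",
        };
        for (String s : samples) {
            System.out.println(isValidEmail(s) + "  " + s.replace("\r\n", "\\r\\n"));
        }
    }
}
```

The same pattern applies to every parameter: bound it, constrain its character set, then match its shape, and return the cleaned value from one place so the rest of the page never touches raw input.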
Output Encoding
Oorian encodes values when it renders them, which blocks most reflected and stored XSS for content that goes through its components. Emitting raw HTML switches that protection off for that fragment, so do it only when there is no other way, and then encode every untrusted value yourself for the exact context it lands in (element text, attribute value, URL, script). Encoding is context-specific: HTML-encoding a value placed in an href does nothing against a javascript: URL, so URLs need a scheme allowlist on top.
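What "encode it yourself" looks like when a page has to build markup by hand, as an added example that is not Oorian's own encoder or API. `encodeHtml` and `renderLink` are names I chose; the inputs in `main` are constructed attacker-controlled strings.

```java
// Added example, not Oorian's own code: a minimal contextual HTML encoder
// for the rare case where a page builds raw markup itself.
public class HtmlEncoding {

    // Encode for HTML text content and double-quoted attribute values.
    // The five characters below are the ones that change meaning there.
    public static String encodeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build a link: the label is encoded for text, the URL is checked
    // against a scheme allowlist before it is placed in href.
    public static String renderLink(String url, String label) {
        String lower = url.trim().toLowerCase(java.util.Locale.ROOT);
        if (!(lower.startsWith("https://") || lower.startsWith("http://"))) {
            // javascript: and data: URLs survive HTML encoding untouched,
            // so encoding alone does not protect the href context.
            url = "#";
        }
        return "<a href=\"" + encodeHtml(url) + "\">" + encodeHtml(label) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed attacker-controlled inputs.
        System.out.println(encodeHtml("<script>alert(1)</script>"));
        System.out.println(renderLink("javascript:alert(1)", "click \"me\""));
        System.out.println(renderLink("https://example.com/?a=1&b=2", "Tom & Jerry"));
    }
}
```

Note what the encoder does not cover: a value inside an inline script or an event-handler attribute needs JavaScript-string encoding, not HTML encoding, and the safest answer there is to not put untrusted data in those contexts at all.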
Authentication
Implement proper session management: issue a new session identifier at login, send the session cookie with the Secure and HttpOnly flags, expire idle sessions, and invalidate the server-side session on logout rather than only clearing the cookie. Check authentication in page constructors or in a base class that every protected page extends, so the check is inherited and cannot be forgotten on an individual page.
Authorization
Verify permissions on the server before every action, not only when deciding whether to show a button. The check has to be about this user and this object: hiding a delete link does nothing when the request that performs the delete can be replayed against any item ID.
// Object-level check: may this user delete this particular item?
if (!currentUser.canDelete(item))
{
    // Abort before any side effect; map this to 403 in the error handler.
    throw new UnauthorizedException();
}
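How the authentication and authorization sections fit together, as one added example covering both. This is not Oorian's page or session API: `Session`, `User`, `Item`, `AuthenticatedPage` and the two exceptions are stand-ins of my own so the file runs alone. In a real application the `NotAuthenticatedException` would be mapped to a redirect to the login page.

```java
// Added example, not Oorian's own code. Session, User, Item and the page
// base class are stand-ins (assumptions) for the framework's types.
import java.util.Objects;

public class AccessControl {

    public static class NotAuthenticatedException extends RuntimeException {}
    public static class UnauthorizedException extends RuntimeException {}

    public static final class User {
        final String id;
        final boolean admin;
        User(String id, boolean admin) { this.id = id; this.admin = admin; }

        // The authorization rule lives next to the data it protects:
        // owners and admins may delete, nobody else.
        public boolean canDelete(Item item) {
            return admin || Objects.equals(item.ownerId, id);
        }
    }

    public static final class Item {
        final String ownerId;
        Item(String ownerId) { this.ownerId = ownerId; }
    }

    // Stand-in for the framework's server-side session object.
    public interface Session {
        User currentUser();   // null when nobody is logged in
    }

    // Every page that requires login extends this. The check runs in the
    // constructor, so no subclass can be built without passing it.
    public static abstract class AuthenticatedPage {
        protected final User currentUser;

        protected AuthenticatedPage(Session session) {
            User u = session.currentUser();
            if (u == null) {
                throw new NotAuthenticatedException();
            }
            this.currentUser = u;
        }
    }

    public static final class ItemPage extends AuthenticatedPage {
        ItemPage(Session session) { super(session); }

        // Re-check on the action itself: the constructor established who
        // the user is, not what they may do to this particular item.
        public void deleteItem(Item item, Runnable deleter) {
            if (!currentUser.canDelete(item)) {
                throw new UnauthorizedException();
            }
            deleter.run();
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: Bob's item, three different callers.
        Item bobsItem = new Item("bob");
        Session alice = () -> new User("alice", false);
        Session admin = () -> new User("root", true);
        Session nobody = () -> null;

        try {
            new ItemPage(nobody);
            System.out.println("unexpected");
        } catch (NotAuthenticatedException e) {
            System.out.println("anonymous: sent to login");
        }

        try {
            new ItemPage(alice).deleteItem(bobsItem, () -> {});
            System.out.println("unexpected");
        } catch (UnauthorizedException e) {
            System.out.println("alice: forbidden");
        }

        new ItemPage(admin).deleteItem(bobsItem, () -> System.out.println("admin: deleted"));
    }
}
```

The two checks answer different questions and both are needed: an authenticated user is still unauthorized for other people's items, and the item passed to `deleteItem` must be the one resolved from the request on the server, not an ID the client supplied without a lookup.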
HTTPS
Always use HTTPS in production. Configure your server to redirect HTTP to HTTPS, send a Strict-Transport-Security header on HTTPS responses so browsers stop making plain HTTP requests at all, and mark the session cookie Secure so it is never sent over HTTP in the first place. The redirect is a convenience for users who type a bare hostname, not a protection: anything a client sent over HTTP before the redirect has already crossed the network in the clear.
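The redirect and the HSTS header as a servlet filter, as an added example that is not part of Oorian. It assumes Oorian runs inside a Jakarta servlet container (an assumption; if your server or proxy already does this, configure it there instead). The class name, the `canonicalHost` setting and the `behindTrustedProxy` flag are mine.

```java
// Added example, not Oorian's own code. Assumes a Jakarta servlet
// container; the filter is registered programmatically because it
// takes constructor arguments.
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

public class HttpsRedirectFilter implements Filter {

    // Hostname to redirect to. Taken from configuration, not from the
    // request's Host header, so a spoofed Host cannot bounce users to
    // an attacker's site.
    private final String canonicalHost;

    // True only when a trusted reverse proxy terminates TLS and sets
    // X-Forwarded-Proto. If clients can reach the container directly,
    // they can spoof that header, so leave this false.
    private final boolean behindTrustedProxy;

    public HttpsRedirectFilter(String canonicalHost, boolean behindTrustedProxy) {
        this.canonicalHost = canonicalHost;
        this.behindTrustedProxy = behindTrustedProxy;
    }

    static boolean isHttps(HttpServletRequest req, boolean behindTrustedProxy) {
        if (req.isSecure()) return true;
        if (!behindTrustedProxy) return false;
        String proto = req.getHeader("X-Forwarded-Proto");
        return proto != null && proto.equalsIgnoreCase("https");
    }

    // Rebuild the requested path on https under the canonical host,
    // keeping the query string.
    String httpsUrl(HttpServletRequest req) {
        StringBuilder sb = new StringBuilder("https://").append(canonicalHost)
                .append(req.getRequestURI());
        if (req.getQueryString() != null) {
            sb.append('?').append(req.getQueryString());
        }
        return sb.toString();
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (!isHttps(req, behindTrustedProxy)) {
            // 308 preserves method and body, so a POST is not silently
            // turned into a GET the way 301/302 allow. Form data sent over
            // http has already leaked; this only avoids mangling the request.
            res.setStatus(308);
            res.setHeader("Location", httpsUrl(req));
            return;
        }

        // HSTS only on https responses; browsers ignore it on http.
        res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        chain.doFilter(request, response);
    }
}
```

Pair this with `<cookie-config><secure>true</secure><http-only>true</http-only></cookie-config>` in the session config (or the equivalent programmatic call) so the session cookie itself never travels over HTTP, and start with a short HSTS max-age while you confirm every subdomain actually serves TLS.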
Conclusion
Follow standard web security practices. Oorian's server-side model means most logic runs where you control it, which is where validation and authorization decisions belong; it also means every request handler is a trust boundary, so treat every parameter that arrives there as attacker-controlled until it has been validated.