Security Best Practices

Essential security practices for Oorian applications.

M. Warble | November 26, 2026 | 1 min read

Security is critical for web applications. Here are best practices specific to Oorian development.

Input Validation

Always validate user input on the server:

// Read the submitted value and reject it on the server before any further use
String email = params.getParameterValue("email");
if (!isValidEmail(email))
{
    throw new ValidationException("Invalid email");
}
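
One way to write the isValidEmail helper that the snippet above calls, shown as an added example (it is not Oorian's code or the author's). The class name EmailValidator, the length limits and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example: one possible isValidEmail helper. Class name and limits are assumptions.
public final class EmailValidator
{
    private static final int MAX_LENGTH = 254; // overall cap, checked before any regex runs

    // Allow-lists with bounded repetition and no nested quantifiers (no backtracking blow-up).
    private static final Pattern LOCAL = Pattern.compile("[A-Za-z0-9._%+-]{1,64}");
    private static final Pattern LABEL =
        Pattern.compile("[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    public static boolean isValidEmail(String email)
    {
        // Null, empty or oversized input is invalid, never an exception.
        if (email == null || email.isEmpty() || email.length() > MAX_LENGTH)
            return false;

        // Exactly one '@', with text on both sides.
        int at = email.indexOf('@');
        if (at <= 0 || at != email.lastIndexOf('@') || at == email.length() - 1)
            return false;

        // matches() anchors the whole string, so CR/LF, spaces and markup fail the allow-list.
        String local = email.substring(0, at);
        if (!LOCAL.matcher(local).matches() || local.startsWith(".")
                || local.endsWith(".") || local.contains(".."))
            return false;

        // Require at least two domain labels; limit -1 keeps empty labels so "a@b." is rejected.
        String[] labels = email.substring(at + 1).split("\\.", -1);
        if (labels.length < 2)
            return false;
        for (String label : labels)
            if (!LABEL.matcher(label).matches())
                return false;
        return true;
    }

    public static void main(String[] args)
    {
        // Constructed sample inputs: one valid address, then header injection, markup, bare host.
        String[] samples = { "alice@example.com", "alice@example.com\r\nBcc: admin",
                             "<script>@example.com", "alice@localhost", null };
        for (String s : samples)
            System.out.println(isValidEmail(s) + "  " + String.valueOf(s).replace("\r\n", "\\r\\n"));
    }
}
```

This allow-list is deliberately narrower than RFC 5322: quoted local parts and internationalized addresses are rejected and would need separate handling if the application must accept them.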

Output Encoding

Oorian automatically encodes output, preventing XSS. Don't bypass this with raw HTML unless necessary.

Authentication

Implement proper session management. Check authentication in page constructors or base classes.

Authorization

Verify permissions before actions:

// Check the permission on the server before performing the delete
if (!currentUser.canDelete(item))
{
    throw new UnauthorizedException();
}

HTTPS

Always use HTTPS in production. Configure your server to redirect HTTP to HTTPS.

Conclusion

Follow standard web security practices. Oorian's server-side model means most logic runs where you control it.
