On 12/3/07, Ing. Andrea Vettori <[EMAIL PROTECTED]> wrote:
> I'm happy to know that a complete solution is being planned/developed.
> I just say that if the security problem is caused only by bad
> programming practice, removing EL evaluation into S2 tld is causing
> upgrading problems to many well-written applications.

It isn't so much bad programming practices as unintentionally opening your application up to abuse. If you are confident that your application isn't vulnerable, feel free to replace the struts-tags.tld in the struts jar with one that allows expressions. The 10 minutes that will take will probably save you tons of time.

Don

> --
> Ing. Andrea Vettori
> Information Technology Consultant

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]