On Thu, 4 Jul 2002, Phil Steitz wrote:
Date: Thu, 4 Jul 2002 01:20:04 -0400
From: Phil Steitz [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Subject: Re: Security issues with Struts
IMHO, Struts already provides a solid
- Original Message -
From: Craig R. McClanahan [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Sent: Tuesday, July 02, 2002 6:16 PM
Subject: Re: Security issues with Struts
On Tue, 2 Jul 2002, Marcel Kruzel wrote:
Date: Tue, 02 Jul 2002 10:14:05 +0200
From
: Jing Zhou [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Subject: Re: Security issues with Struts
I believe Struts have provide a basic mechanism to resolve
the problems associated with the multiple submits. But when
- Original Message -
From: Craig R. McClanahan [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Sent: Monday, July 01, 2002 11:54 AM
Subject: Re: Security issues with Struts
There are at least a couple of issues that I can pull out of your problem
description -- here's my
Marcel Kruzel wrote:
Thanx for so many replies!
Precisely! the transactionToken does help if You
want to detect multiple THE SAME submits. But this is not
our issue here. If the second submit contains different values,
the session scoped form bean will get populated
before I am able to
On Tue, 2 Jul 2002, Marcel Kruzel wrote:
Date: Tue, 02 Jul 2002 10:14:05 +0200
From: Marcel Kruzel [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Subject: Re: Security issues with Struts
I believe Struts have provide
This does sounds like a problem if you use session scoped forms. It seems to
me like a good reason not to use session scoped forms and another reason to
minimize use of the session in general. Sessions have other problems that
arise when a user opens multiple browsers for example. It also argues
-Original Message-
From: Hal Deadman [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 9:49 AM
To: 'Struts Developers List'
Subject: RE: Security issues with Struts
This does sounds like a problem if you use session scoped forms.
It seems to
me like a good reason not to use session
There are at least a couple of issues that I can pull out of your problem
description -- here's my thoughts on them.
REUSE OF FORM BEANS
You only have to worry about reuse of the same physical form bean on
multiple requests if you are using session scope to save them in. If you
are using
further thoughts?
Jing
- Original Message -
From: Craig R. McClanahan [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Sent: Monday, July 01, 2002 11:54 AM
Subject: Re: Security issues with Struts
There are at least a couple of issues that I can pull out of your problem
On Mon, 1 Jul 2002, Jing Zhou wrote:
Date: Mon, 1 Jul 2002 14:41:25 -0500
From: Jing Zhou [EMAIL PROTECTED]
Reply-To: Struts Developers List [EMAIL PROTECTED]
To: Struts Developers List [EMAIL PROTECTED]
Subject: Re: Security issues with Struts
I believe Struts have provide a basic
11 matches
Mail list logo