Re: Security issues with Struts

2002-07-02 Thread Marcel Kruzel
I believe Struts has provided a basic mechanism to resolve the problems associated with the multiple submits. But when considering this in a security issue context, we might have room to enhance the mechanism - here are my little thoughts: 1) Since the transaction token is visible by client

Re: Security issues with Struts

2002-07-02 Thread Ted Husted
Marcel Kruzel wrote: Thanks for so many replies! Precisely! The transactionToken does help if you want to detect multiple THE SAME submits. But this is not our issue here. If the second submit contains different values, the session scoped form bean will get populated before I am able to

Re: Help Required - Gnrk

2002-07-02 Thread Ted Husted
Most inquiries regarding how to use Struts should be posted to the USER list. See http://www.tuxedo.org/~esr/faqs/smart-questions.html for more about the best way to ask questions on an open source mailing list. The best advice is to review the list archives to get a feel for how things

DO NOT REPLY [Bug 10380] - DynaActionFormClass not serializable

2002-07-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10380. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

Re: ActionForm initialization

2002-07-02 Thread Ted Husted
The general workflow is for all requests to go through an Action before they go out to a JavaServer Page. Any objects that need to be initialized should be initialized by the Action, and then forwarded out to the page. If the ActionForm is part of the Action's mapping, then the controller will

Re: RE: FormBeans ... as an Interface.

2002-07-02 Thread Joe Germuska
At 4:03 PM -0400 2002/07/02, [EMAIL PROTECTED] wrote: (I'm not proposing autopopulating anything -- the Action has to fetch the value object anyway. I just want to reference it directly using syntax like valueObject.name from my form tags... This *avoids* autopopulating or having to synchronize

Ant build struts 1.1b failed

2002-07-02 Thread Yibing Li
Hi, I got the following error messages when I downloaded the Struts 1.1b src and modified build.properties and build.xml. From the error, it looks like xalan.jar is not included in the classpath so that the class is not found. But I have double checked and have added after all the places

Re: Security issues with Struts

2002-07-02 Thread Craig R. McClanahan
On Tue, 2 Jul 2002, Marcel Kruzel wrote: Date: Tue, 02 Jul 2002 10:14:05 +0200 From: Marcel Kruzel [EMAIL PROTECTED] Reply-To: Struts Developers List [EMAIL PROTECTED] To: Struts Developers List [EMAIL PROTECTED] Subject: Re: Security issues with Struts I believe Struts has provided a

Re: Ant build struts 1.1b failed

2002-07-02 Thread Craig R. McClanahan
Offhand, it looks like you don't have Xalan in your $ANT_HOME/lib directory, or that you're trying to mix in a Xalan from a different version (Ant 1.4 ships with the parser from JAXP/1.1, and you should use the Xalan from the same release versus something later). Craig On Tue, 2 Jul 2002,

DO NOT REPLY [Bug 10322] - Problems with LookupDispatchAction and other locals

2002-07-02 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10322. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

[OFF-TOPIC] JSP 2.0 and Tiles

2002-07-02 Thread John Yu
I spent some time skimming through the JSP 2.0 draft spec. (Close to 400 pages! It makes my head spin... I may not know what I'm talking about.) It seems to me the new Simple Tag Extension + Jsp Fragment is Tiles on steroids. Is my impression close enough to the reality? Or am I completely off?