Re: data injection attack

2012-07-04 Thread Lukasz Lenart
By removing setter for it?

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2012/7/4 J. Garcia jogaco...@gmail.com:
An interesting article that I found:

Re: data injection attack

2012-07-04 Thread Miguel Almeida
Lukas: that's not always viable though. You might need a setter for your model object elsewhere, but don't want that action to set that property.

On Wed, 2012-07-04 at 14:57 +0200, Lukasz Lenart wrote:
By removing setter for it? Regards

Re: data injection attack

2012-07-04 Thread Łukasz Lenart
You can always implement ParameterNameAware interface and boolean acceptableParameterName(String parameterName);

Regards
--
Łukasz
mobile +48 606 323 122 http://www.lenart.org.pl/
Warszawa JUG conference - Confitura http://confitura.pl/

Re: data injection attack

2012-07-04 Thread Dave Newton
Then whitelist/blacklist. Or don't expose sensitive data directly to the user.

Dave
(pardon brevity, typos, and top-quoting; on cell)

On Jul 4, 2012 8:49 AM, J. Garcia jogaco...@gmail.com wrote:
My action would have: public void setMyBean( MyBean myBean) {...} and I would like to avoid an

Re: data injection attack

2012-07-04 Thread J. Garcia
Implementing the ParameterNameAware interface with white/black list seems the best solution.

Thanks,
J.

On Wed, Jul 4, 2012 at 3:51 PM, Dave Newton davelnew...@gmail.com wrote:
Then whitelist/blacklist. Or don't expose sensitive data directly to the user. Dave (pardon brevity, typos, and
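The approach the thread settles on, as an added example that is not part of the original messages: a Struts 2 action implementing ParameterNameAware with an exact-match allow-list, so myBean.field3 is never bound from the request while MyBean keeps its setter for use elsewhere. The class name EditMyBeanAction, the fields field1 and field2, and the nested MyBean stand-in are assumptions; it compiles against Struts 2.x (the com.opensymphony.xwork2 package names).

```java
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.ParameterNameAware;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Hypothetical action for the thread's MyBean case; field1/field2 are assumed names.
public class EditMyBeanAction extends ActionSupport implements ParameterNameAware {

    // Exact-match allow-list of the parameter names this form may bind.
    // myBean.field3 (the owner id in the thread) is deliberately absent.
    private static final Set<String> ALLOWED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("myBean.field1", "myBean.field2")));

    private MyBean myBean = new MyBean();

    // Called by the params interceptor for each request parameter name;
    // returning false makes the interceptor skip that parameter entirely.
    @Override
    public boolean acceptableParameterName(String parameterName) {
        return parameterName != null && ALLOWED.contains(parameterName);
    }

    public MyBean getMyBean() { return myBean; }
    public void setMyBean(MyBean myBean) { this.myBean = myBean; }

    @Override
    public String execute() {
        // field3 is assigned server-side (for example from the session), not shown here.
        return SUCCESS;
    }

    // Stand-in for the thread's model class, nested so the file compiles on its own.
    public static class MyBean {
        private String field1, field2;
        private Long field3; // owner id: keeps its setter for other code paths
        public String getField1() { return field1; }
        public void setField1(String v) { this.field1 = v; }
        public String getField2() { return field2; }
        public void setField2(String v) { this.field2 = v; }
        public Long getField3() { return field3; }
        public void setField3(Long v) { this.field3 = v; }
    }
}
```

Because the check is an exact match against the allow-list, any other spelling of a property path is rejected by default, which a deny-list keyed on the single string myBean.field3 would not guarantee.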

RE: data injection attack

2012-07-04 Thread Marcus Bond
...@gmail.com]
Sent: 04 July 2012 14:49
To: Struts Users Mailing List; lukasz.len...@gmail.com
Subject: Re: data injection attack

My action would have: public void setMyBean( MyBean myBean) {...} and I would like to avoid an injection on myBean.field3. This field could be the owner id for instance!

On Wed

Re: data injection attack

2012-07-04 Thread J. Garcia
; lukasz.len...@gmail.com
Subject: Re: data injection attack

My action would have: public void setMyBean( MyBean myBean) {...} and I would like to avoid an injection on myBean.field3. This field could be the owner id for instance!

On Wed, Jul 4, 2012 at 3:34 PM, Łukasz Lenart lukasz.len