2014-05-23 13:51 GMT+02:00 Christoph Nenning <[email protected]>: > Add another preference to enable white listing ? > > So the framework would work out of the box (with security that is ok but > can be improved) and users taking security serious can enable it.
Yes, that's my idea - add two new constanta, ie. struts.allowedClasses and struts.allowedPackageNamePatterns - and add description here [1] then users can used them if they want [1] http://struts.apache.org/release/2.3.x/docs/security.html Regards -- Ćukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
