[
https://issues.apache.org/jira/browse/WW-4540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14954375#comment-14954375
]
zhouyanming edited comment on WW-4540 at 10/13/15 5:03 AM:
-----------------------------------------------------------
setter/getter must be designed to ensure safety, getter method is readonly will
not change server state, setter method can always invoked by queryString,
setter can not invoked by DMI, action method should be {code:java}public String
method( ){code}, only String getter can be invoked.
was (Author: quaff):
setter/getter must be designed to ensure safety, getter method is readonly will
not change server state, setter method can always invoked by queryString.
> Enable Strict DMI by default
> ----------------------------
>
> Key: WW-4540
> URL: https://issues.apache.org/jira/browse/WW-4540
> Project: Struts 2
> Issue Type: Improvement
> Components: Core Actions
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Fix For: 2.5
>
>
> Struts 2 already supports {{Strict DMI}} but it's disabled by default.
> {{Strict DMI}} should be always enable to allow access only specific methods.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
