Hi,
Using Struts 2.1.8, I just ran into a security issue in my application
configuration which was a bit difficult to diagnose and turned out to be due
to a struts feature which unexpectedly bypassed my security configuration.
As with many systems, I am using a web filter security mechanism (Sprin
Maurizio,
Video tag was an example picked by me and yes by that all i mean is is it
not better that we have something a simple
tag to display video in any application instead we are making our dependecny
on thrird party plugin like Flash etc
Though HTML5 sepc are still in middle way but they have
2010/12/8 Obinna :
> Though not a bug, I can imagine that this unexpected behavior can catch many
> developers out and can be difficult to diagnose. It also requires that
> security considerations be handled (or at least considered) in the jsp,
> which seems to break proper separation of concerns
Hi All
I am a sr web developer working on struts , my issue is that the old Error
message on the previous submission has been added to current error message
and been displayed to Jsp , my form bean is in session scope , i am using
the validate method for doing this validation, anybody having any
Please, do not waste reviewers time directing public discussion to
security@ lists at the ASF. The developers who would resolve any such
issue reside at their respective dev@ lists.
If you want to point out an undisclosed, undiscussed issue, then the
appropriate security@ list would be the place
Please ask questions about using the framework on the user list:
http://struts.apache.org/mail.html
--
Martin Cooper
On Wed, Dec 8, 2010 at 1:42 AM, ela-chennai wrote:
>
> Hi All
>
> I am a sr web developer working on struts , my issue is that the old Error
> message on the previous submissio
