RE: Question

2018-11-14 Thread Eric Reed
Struts 2. -Original Message- From: Deborah White Sent: Wednesday, November 14, 2018 1:34 PM To: user@struts.apache.org Subject: Question Hello, we have some very old internal apps that are still using Struts 1. Does this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or pri

RE: Struts 1 Thread safe action classes

2014-11-04 Thread Eric Reed
As Paul said, you must avoid instance variables in Struts 1. I once had a HUGE project that was written with Struts 1. Along with terrible code I saw instance variables everywhere. I think over 650 action classes with instance variables so I just re-wrote a few lines in the latest Struts 1 sour

Re: [ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

2014-05-01 Thread Eric Reed
Rene, Thank you for your insight and advice. I have successfully secured 5 production applications with proof of concept before and after and have re-deployed these critical applications in under 4 hours with very little down time. Best Regards, Eric >>> Rene Gielen 5/1/2014 2:59 PM >>> As c

Re: No action instance for path /welcomeAction could be created

2014-04-09 Thread Eric Reed
Looks like a struts 1 application, why not struts 2? It appears you are capturing request element instead of using the framework, which will work fine but is just a bad practice. Certain versions of Weblogic hiccup on comments in html and config files. Also try port 7101 which is the default on

Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards

2014-01-29 Thread Eric Reed
Security has been, and should be, an open arrangement between developers and the clients for which they develop code. This relationship is as follows: 1. I detect an exploit in YOUR code. 2. I inform you of the exploit along with a proof of concept. 3. I give you time to release a patch and notify

Basic Application

2014-01-17 Thread Eric Reed
Couple Questions: Can a core developer please respond as to which libs are required for struts 2 to function on the most basic level. (No logging, plugins, etc) I have the latest core, and it seems x-work... any others? (I cannot use maven) Why does the struts project package commons-logging,

Re: Steps Involved in counter measurement for security issues

2013-10-16 Thread Eric Reed
n though struts can be hacked, look at all those .jar files you included and run on your server with high level permissions. Those too can be full of exploits and most of those libs are just downloaded from the net by amateur developers. Eric Reed New York State Department of Education >>

Re: Apple sec breach.. Struts?

2013-07-31 Thread Eric Reed
You can't rely on anyone's code for security, not a .jar, not struts, not anything. To guarantee security you need to go through every single entry point and fuzz it yourself. This is a major pain and headache and only .001% of devs do this but don't blame the developers that are providing a fr

Re: Consistency?

2013-06-27 Thread Eric Reed
I agree, you should be using indexed tags, and they are two different things as Dave has stated. >>> Dave Newton 6/27/2013 5:19 PM >>> On Thu, Jun 27, 2013 at 4:38 PM, Eric Lentz wrote: > value="%{foos[#stat.index].aString}" /> > Here you're doing two explicitly different things: 1. Pr

Re: Display progress bar in same page (request page) using struts2 execAndWait Interceptor

2013-03-05 Thread Eric Reed
Pretty straightforward, google AJAX... basically you use JavaScript to send and receive requests without the need for user interaction. Kind of off topic when it comes to struts and there are many examples out there, use the GOOG. Also this is a lot of work for a progress bar going from one p

Re: Struts2 String ThreadSafe?

2012-11-29 Thread Eric Reed
This was a problem with Struts 1.3 which reuses action classes. On a large project I took over the only real solution was to open up the Struts 1.3 source and re-code it because the app was too big to replace all the instance variables. Using "global / instance" variables is a bad coding practi

logic:notEqual tag

2012-01-23 Thread Eric Reed
I am continuing to upgrade a massive struts application and have a problem with the tag. In all the documentation I have read, this tag is supposed to evaluate to true if the parameter is not present or null. This is the way it has been working until I upgraded to the newest version of JDevelo

Re: JSP help

2012-01-13 Thread Eric Reed
someone has a good solution. >>> Gabriel Belingueres 1/13/2012 2:07 PM >>> Isn't the variable defined in page scope? A single ${srtcld} EL expression should suffice. Gabriel 2012/1/13 Eric Reed : > Everyone, > > I know this has nothing to do with Struts but maybe someone o

JSP help

2012-01-13 Thread Eric Reed
Everyone, I know this has nothing to do with Struts but maybe someone on this mailing list has encountered this problem before. We have a massive project that I am upgrading from 10g to 11G. Going from OAS to weblogic. This project was developed in '04 using '99 - 2001 technologies (Struts 1.

Re: Migration of DB from DB2 to Oracle with Struts2

2012-01-12 Thread Eric Reed
Think of Struts as a flow control framework.. ie from one jsp or action class to another. Struts has no care in the world what your DB is. Your main concerns should be on the server side. BTW: It is always cheaper and quicker to do things one step at a time the right way. For your company I w

Re: use of validate() method [S 1.3.8]

2011-12-14 Thread Eric Reed
By saying both code and name are unique... is this a composite key that must be unique or do both fields have to be unique? If it is the composite key that must be unique then I would skip the checks and catch the exception when thrown. Otherwise if each field must be unique then you need to v

Re: Struts 2 Initialization Plugin

2011-11-10 Thread Eric Reed
You should have an initialization servlet run at startup that can create such an object. >>> Scott Smith 11/10/2011 3:06 PM >>> In struts 1, I used org.apache.struts.action.PlugIn as a way to create an object at web app startup and put it into the application context so that all sessions had

Re: Struts2 Memory Management

2011-10-19 Thread Eric Reed
thout bringing your application to a halt. The real problem however is on the client end, the browser will most likely crash. Eric Reed NYS Education Department Senior Developer TEACH System >>> Charles Godfrey 10/19/2011 9:49 AM >>> Sorry, let me clarify. I meant loading all

Re: Emails

2011-06-14 Thread Eric Reed
aeed Najahi wrote: > Nope, not at all > > On Tue, Jun 14, 2011 at 2:48 PM, Eric Reed wrote: > >> After registering for this mailing list about a month ago I have been >> receiving spam emails from Ghana every other day. Is anyone else receiving >> these?

Emails

2011-06-14 Thread Eric Reed
After registering for this mailing list about a month ago I have been receiving spam emails from Ghana every other day. Is anyone else receiving these?

Re: help with MethodFailedException in ognl.OgnlRuntime.callAppropriateMethod

2011-05-03 Thread Eric Reed
g entity. Thanks much for your input. It's appreciated. If there is something wrong with the way I'm going about things then please feel free to set me straight. Justin On Tue, May 3, 2011 at 8:37 AM, Eric Reed wrote: > Justin, > > Your error: >> [java.lang.NoSuchMeth

Re: help with MethodFailedException in ognl.OgnlRuntime.callAppropriateMethod

2011-05-03 Thread Eric Reed
Justin, Your error: > [java.lang.NoSuchMethodException: > org.robbins.flashcards.model.Tag.setTagId([Ljava.lang.String;)] <<STRING >public void setTagId(int tagId) { <-- INT >this.tagId = tagId; >} Eric Reed NYS Education Department >>>