-Original Message-
From: Chris Pratt [mailto:thechrispr...@gmail.com]
Sent: Friday, December 17, 2010 1:08 PM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Maybe if the OP moves the bean creation out of the prepare() method (so
the bean isn't available during
to work on it...
-David
-Original Message-
From: Chris Pratt [mailto:thechrispr...@gmail.com]
Sent: Friday, December 17, 2010 1:08 PM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Maybe if the OP moves the bean creation out of the prepare() method
(so
?
-David
-Original Message-
From: Paweł Wielgus [mailto:poulw...@gmail.com]
Sent: Tuesday, December 21, 2010 5:09 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Hi All,
adding just one note to what Marcus already said, will You be able to update
your whitelist every
, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is initialized then
Struts or OGNL will call getUser().setEmail(...) otherwise
[mailto:kenshin...@gmail.com]
Sent: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is initialized
then Struts or OGNL will call
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is initialized
then Struts or OGNL will call getUser().setEmail(...) otherwise create a new
User
Message-
From: Steven Yang [mailto:kenshin...@gmail.com]
Sent: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object
1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is initialized
then Struts or OGNL will call getUser().setEmail(...) otherwise create
-Original Message-
From: Steven Yang [mailto:kenshin...@gmail.com]
Sent: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know
fail for you
Again, I might be wrong on the behavior
On Thu, Dec 16, 2010 at 12:39 AM, Altenhof, David Aron
dalte...@iupui.edu wrote:
I've been getting more and more concerned about the possibility of
parameter manipulation attacks with Struts2. I've started doing
strict
: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is
initialized
then Struts or OGNL will call getUser
]
Sent: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might be wrong, but what I know is if your object is
initialized
then Struts or OGNL
-Original Message-
From: Steven Yang [mailto:kenshin...@gmail.com]
Sent: Friday, December 17, 2010 1:10 AM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Is your user object initialized when the param interceptor is run?
Here I might
of
validating all incoming data.
Now if I could only find a few spare cycles to work on it...
-David
-Original Message-
From: Chris Pratt [mailto:thechrispr...@gmail.com]
Sent: Friday, December 17, 2010 1:08 PM
To: Struts Users Mailing List
Subject: Re: Parameter manipulation
Maybe
, I might be wrong on the behavior
On Thu, Dec 16, 2010 at 12:39 AM, Altenhof, David Aron
dalte...@iupui.edu wrote:
I've been getting more and more concerned about the possibility of
parameter manipulation attacks with Struts2. I've started doing strict
whitelists using the ParameterNameAware
I've been getting more and more concerned about the possibility of parameter
manipulation attacks with Struts2. I've started doing strict whitelists using
the ParameterNameAware interface on all of my forms pages. However, today I
tried to code a display-only page that shows information about
through form parameters.
(*Chris*)
On Wed, Dec 15, 2010 at 8:39 AM, Altenhof, David Aron dalte...@iupui.edu wrote:
I've been getting more and more concerned about the possibility of
parameter manipulation attacks with Struts2. I've started doing strict
whitelists using the ParameterNameAware