> -Original Message-
> From: Matt Bathje [mailto:[EMAIL PROTECTED]
> Just hope they don't break you programming policies and extend
> ValidatorForm (or just use DynaValidatorForm!) instead of extending
> SafeValidatorForm :)
Well, it's easier than wondering if all the validations are imp
ch. ;-)
-Original Message-
From: Matt Bathje [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 5:22 PM
To: Struts Users Mailing List
Subject: Re: hacker-proofing Struts-based exposed websites
(1) Yes, you would have to do it for every form in the application. ..
(2) Is th
Seetamraju, Uday wrote:
Like you, that's what I thought initially, until the security scanning application
report hit me.
For each simulated attack (including null-characters and other characters) our *.do URLs were showing errors and exceptions in all their full glory right on the web page.
Take
Yes, you would have to do it for every form in the application. To me
that isn't an issue though because for most (I'd say 95%+) of the forms
in my application, I already have a validator entry set up - I would
just need to add the invalidCharacter validation and its variables to
each form.
If
Like you, that's what I thought initially, until the security scanning application
report hit me.
For each simulated attack (including null-characters and other characters) our *.do
URLs were showing errors and exceptions in all their full glory right on the web page.
That was the basis for my i
.
-Original Message-
From: David G. Friedman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 2:13 PM
To: Struts Users Mailing List
Subject: RE: hacker-proofing Struts-based exposed websites
Uday,
I'm afraid you may be mistaken on at least one of your points. At least the
HTML t
-
From: Matt Bathje [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 3:48 PM
To: Struts Users Mailing List
Subject: Re: hacker-proofing Struts-based exposed websites
[snip]
.
invalidCharacters
\u,\u0
There are known hacks, some dealing with buffer overruns of the server
that give you access to the OS shell, or port scans or sniffing, or ...
So I see you have apache 1.3 (with its known hacks) in front of it. I
assume you read up on securing apache.
I think very little has to do w/ Struts i
[snip]
if you feel comfortable typing in struts validations in each and every form class
of each and every application, who can stop you?
And you are also quite free to edit each and every one of them should you want to
add a new kind of check to your forms.
Even if you choose to use the stru
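For the two approaches debated above (an invalidCharacters validator entry per form versus one shared SafeValidatorForm base class), here is an added sketch of what such a base class could look like on the Struts 1.2 API. It is not the code from the linked page; the class name comes from the thread, while the message key, the control-character rule and the choice to check raw request parameters are assumptions.

```java
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.validator.ValidatorForm;

// Hypothetical base form: forms extending it get a control-character check on
// every submitted parameter before the validation.xml rules run, so no
// per-form "invalidCharacters" entry is needed.
public class SafeValidatorForm extends ValidatorForm {

    // Message key assumed to exist in the application resource bundle.
    public static final String UNSAFE_INPUT_KEY = "errors.unsafe.input";

    // True if the value holds NUL or another C0/C1 control character;
    // tab, CR and LF are allowed so textarea fields still validate.
    public static boolean containsControlChars(String value) {
        if (value == null) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\t' || c == '\n' || c == '\r') {
                continue;
            }
            if (c < 0x20 || (c >= 0x7F && c <= 0x9F)) {
                return true;
            }
        }
        return false;
    }

    public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
        ActionErrors errors = new ActionErrors();
        Map params = request.getParameterMap();
        for (Iterator it = params.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            String[] values = (String[]) entry.getValue();
            for (int i = 0; i < values.length; i++) {
                if (containsControlChars(values[i])) {
                    // Report only the field name; never echo the rejected value.
                    errors.add((String) entry.getKey(),
                            new ActionMessage(UNSAFE_INPUT_KEY, entry.getKey()));
                    break;
                }
            }
        }
        // Fail closed: do not run the declarative rules on unsafe input.
        return errors.isEmpty() ? super.validate(mapping, request) : errors;
    }
}
```

Because the rejection comes back as ordinary ActionErrors, Struts forwards to the form's input page instead of surfacing an exception, which is the behaviour the scanner report complained about.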
aju, Uday [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 2:01 PM
To: Struts Users Mailing List
Cc: [EMAIL PROTECTED]
Subject: RE: hacker-proofing Struts-based exposed websites
Sure. I never mentioned that I was adding totally new functionality to
struts.
if you feel comfortable
Wednesday, November 03, 2004 11:22 AM
To: Struts Users Mailing List
Cc: [EMAIL PROTECTED]
Subject: Re: hacker-proofing Struts-based exposed websites
Maybe I should wait for other commentary on this because I'm probably
missing something...but after scanning your page for a bit, I'm not
I can't really speak to the actual code or process itself as I have not worked
with struts in a little while - but anytime something is labeled as "hacker
proof" it kind of sticks under my nail.
Maybe it's more aptly "securing validation", but I cannot imagine that this
would "hacker proof your
From: "Seetamraju, Uday" <[EMAIL PROTECTED]>
> The entire details are in one nice HTML web page that I wrote up just for
this.
> http://mysite.verizon.net/sarma/GNU/SafeValidatorForm.html
The part that caught my eye was 'testing' it by entering the entire URL to
the jsp file. Most of us already p
Seetamraju, Uday wrote:
We are putting some websites open to all IP addresses using Appservers.
We have successfully stayed well within JSTL and Struts.
My google searches didn't get me to any open information on how to use struts in a
safe manner.
So, I had to start inventing the wheel. I hope I
We are putting some websites open to all IP addresses using Appservers.
We have successfully stayed well within JSTL and Struts.
My google searches didn't get me to any open information on how to use struts in a
safe manner.
So, I had to start inventing the wheel. I hope I didn't spend this much