Does anyone know a published web site or book that covers potential security issues for Struts developers in general?
Jing

----- Original Message -----
From: "Hookom, Jacob" <[EMAIL PROTECTED]>
To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 2:25 PM
Subject: RE: [FRIDAY] Got A Security Hole?

> One of the most interesting security holes that MANY applications have is
> the use of wild cards in dynamic SQL queries....
>
> login: admin
> password: '+%+'
>
> or those likes... try it sometime
>
> --------
> Jacob Hookom
> Senior Programmer/Analyst
> McKesson Medical Surgical
> Golden Valley, MN
>
>
> -----Original Message-----
> From: Jing Zhou [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 20, 2003 2:29 PM
> To: Struts Users Mailing List
> Subject: [FRIDAY] Got A Security Hole?
>
>
> It's Friday. Let us talk about some light issues like security problems ...
>
> The Struts framework has a transaction token mechanism. It seems
> to be able to protect developers. But in some cases, it does not if
> session scoped form beans are used.
>
> See the detailed description of the potential security issues at
> http://www.netspread.com/tips2.html#security
> More interesting, some very very experienced developers
> would think they are absolutely safe if they use request scoped
> form beans. It may not be the case as they think. Some
> mistakes are possible, in open source projects, in samples of
> published books, if the authors are not aware of them.
>
>
> Jing
> Netspread Carrier at http://www.netspread.com
> "Making Simple Things Crazily Simpler."

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
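The wildcard problem Jacob Hookom describes above, shown as an added example that is not part of the thread and not code from Struts or from either poster. It assumes a Python sqlite3 in-memory table with two constructed user rows; a Struts application of that era would express the same two query shapes through JDBC, where the hardened form is a `PreparedStatement` with bound parameters. The weak login builds a `LIKE` query by string concatenation, so a submitted `%` is interpreted as "match anything"; the hardened login binds the values and compares with `=`, so `%` is just a character. For the cases where `LIKE` is genuinely wanted (a search box), `escape_like` neutralises `%`, `_` and the escape character before the value is bound.

```python
import sqlite3

# Constructed sample data for this example only (not from the original thread).
SAMPLE_USERS = [("admin", "s3cret-admin"), ("alice", "wonderland")]


def make_db():
    """Create an in-memory users table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_dynamic_like(conn, username, password):
    """Weak pattern: user input is spliced into a LIKE query.

    A submitted '%' or '_' is treated as a wildcard by the database, so the
    row count can be non-zero without the caller knowing the real password.
    """
    sql = ("SELECT COUNT(*) FROM users WHERE username LIKE '%s' AND password LIKE '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened pattern: bound parameters and exact equality.

    The driver sends the values separately from the SQL text, and '=' has no
    wildcard semantics, so '%' only matches a literal percent sign.
    """
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


def escape_like(value, escape="\\"):
    """Escape LIKE metacharacters so user input is matched literally.

    The escape character itself is doubled first so an attacker-supplied
    backslash cannot un-escape the '%' or '_' that follows it.
    """
    return (value.replace(escape, escape + escape)
                 .replace("%", escape + "%")
                 .replace("_", escape + "_"))


def search_users(conn, prefix):
    """Prefix search where LIKE is legitimately needed.

    The user-controlled part is escaped and bound; the trailing '%' is the
    application's own wildcard, and ESCAPE tells SQLite which character
    introduces an escape sequence.
    """
    pattern = escape_like(prefix) + "%"
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY username",
        (pattern,),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print("dynamic LIKE, password '%':", login_dynamic_like(db, "admin", "%"))
    print("parameterized, password '%':", login_parameterized(db, "admin", "%"))
    print("prefix search 'a':", search_users(db, "a"))
    print("prefix search '%':", search_users(db, "%"))
```

Two things worth noticing when reviewing code like this: the fix is not "strip `%` from passwords" but "never let the comparison have wildcard semantics in the first place", and a `LIKE` that must exist (search, filtering) still needs both escaping and parameter binding, because escaping alone does nothing against a stray quote. Comparing passwords inside the SQL at all is a separate weakness; in practice the row is fetched by username and a stored hash is verified in application code.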