Dear Struts2 mailing list,

I have the following question(s) / I need the following advice:
By default the "action:" prefix is set to false in Struts2 v2.3.15.3, as per
http://struts.apache.org/release/2.3.x/docs/s2-018
for security reasons,
but I need to set it back to true (i.e. the
struts.mapper.action.prefix.enabled) because my actions do not work
after the library update, and if I decide to go another way to solve this
issue, I need to do a lot of refactoring on my code.
So my question is:
If I enable the "action:" prefix, does it mean that I automatically
compromise/expose my application to the security issues discussed in
s2-16, s2-17 and s2-18?
Is there a workaround for my scenario, so that I can enable the prefix but
still maintain the security level of my application considering the
issues enumerated above? (Can I achieve better results if I properly
tweak struts.mapper.action.prefix.crossNamespaces?)

Many thanks for your opinions and support!

Best,

krassen
-- 

Krassen Deltchev
M.Sc. Applied Computer Science, Ruhr-University of Bochum
LPIC I
http://www.xing.com/profile/Krassen_Deltchev
http://de.linkedin.com/pub/krassen-deltchev/22/632/12
http://www.slideshare.net/test2v
https://twitter.com/#!/test2v

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
