I can't really speak to the actual code or process itself as I have not worked with Struts in a little while - but anytime something is labeled as "hacker proof" it kind of sticks under my nail.
Maybe it's more aptly "securing validation", but I cannot imagine that this would "hacker proof your Struts application". In any case, it's noble to share and try to improve the community - kudos.

On Wednesday 03 November 2004 10:42 am, Seetamraju, Uday wrote:
> We are putting some websites open to all IP addresses using Appservers.
> We have successfully stayed well within JSTL and Struts.
>
> My Google searches didn't get me to any open information on how to use
> Struts in a safe manner. So, I had to start inventing the wheel. I hope I
> didn't spend this much effort to 'reinvent'.
>
> Our Struts-based web applications here have survived hack-vulnerability
> tools that the company uses. I was the only one involved in the development
> side to get the "secure" stamp of approval for these web applications.
>
> I ended up creating a new struts-contrib based on this experience.
> I am sending this email since, after a few trials, I feel that I have a
> reasonably simple approach to make the individual URLs/Actions pass the
> typical secure-web-site tests.
>
> I thought maybe I could get feedback to improve my code, and as well let
> others benefit.
>
> ----------------------------------------
>
> The basic motivation:
> There should be very little changes to Struts applications to make them
> hacker-proof. Also, this shouldn't change the way people design Struts
> applications.
>
> There are java.security.policy issues that are orthogonal to this email,
> that I am not including in here.
>
> The entire details are in one nice HTML web page that I wrote up just for
> this. http://mysite.verizon.net/sarma/GNU/SafeValidatorForm.html
>
> Thanks.
>
> Udaybhaskar Sarma Seetamraju

--
Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT
p: 888.560.YWEB (9932)
e: [EMAIL PROTECTED]
w. http://www.explosivo.com