Yes, we are working on it now. We think it will be released soon, maybe next month.

Regards,
Roberto Velasco Sarasola

> On 4/2/07, Musachy Barroso <[EMAIL PROTECTED]> wrote:
> Any plans for a Struts 2 port?
>
> regards
> musachy
>
> On 4/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > HDIV project is an Apache-licensed Struts' Security extension that adds
> > security functionalities to Struts 1.x, maintaining the API and Struts
> > specification. This implies that we can use HDIV in applications developed
> > in Struts in a transparent way to the programmer and without adding any
> > complexity to the application development.
> >
> > The security functionalities added to the original Struts version are
> > these:
> >
> > INTEGRITY: HDIV guarantees integrity (no data modification) of all the
> > data generated by the server which should not be modified by the client
> > (links, hidden fields, combo values, radio buttons, destiny pages, etc.).
> >
> > CONFIDENTIALITY: HDIV guarantees the confidentiality of non-editable data
> > as well. Usually lots of the data sent to the client has key information
> > for the attackers such as database registry identifiers, column or table
> > names, web directories, etc. All these values are hidden by HDIV to avoid
> > a malicious use of them. For example a link of this type,
> > http://www.host.com?data1=12&data2=24
> > is replaced by http://www.host.com?data1=0&data2=1, guaranteeing
> > confidentiality of the values representing database identifiers.
> >
> > New release includes a number of new features centered around cookies and
> > editable data validation:
> >
> > - Cookie confidentiality and integrity validation.
> >
> > - Editable data validation (textbox and textarea): HDIV eliminates to a
> >   large extent the risk originated by attacks of type Cross-site scripting
> >   (XSS) and SQL Injection using generic validations of the editable data
> >   (text and textarea). The user will have to configure generic validations
> >   through rules in XML format, reducing or eliminating the risk against
> >   attacks based on the defined restrictions.
> >
> > You can have a look at it at http://www.hdiv.org
> >
> > In addition to that there is a quick introduction about HDIV using OWASP
> > top ten 2007 as reference at http://www.hdiv.org/docs/hdiv.ppt.
> >
> > Regards,
> >
> > Roberto Velasco Sarasola
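
The value substitution described in the announcement above (real identifiers in a link replaced by positional references that only the server can resolve) can be sketched as follows. This is an added example, not HDIV's code or part of the original messages; the class `IndirectParams` and its methods are hypothetical names, and the sample values are the ones from the quoted link.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not HDIV code. Class and method names are hypothetical.
public class IndirectParams {
    // Per-session server-side state: index -> {parameter name, real value}.
    private final List<String[]> issued = new ArrayList<>();

    // While rendering a page: keep the real value, emit only its index.
    public String hide(String param, String realValue) {
        issued.add(new String[] {param, realValue});
        return Integer.toString(issued.size() - 1);
    }

    // On the incoming request: map the index back, or reject the request.
    public String resolve(String param, String received) {
        int idx;
        try {
            idx = Integer.parseInt(received);
        } catch (NumberFormatException e) {
            throw new SecurityException(param + ": not an issued reference");
        }
        // Accept only the canonical form that was emitted (no "+0" or "00").
        if (idx < 0 || idx >= issued.size() || !Integer.toString(idx).equals(received))
            throw new SecurityException(param + ": reference was never issued");
        String[] entry = issued.get(idx);
        if (!entry[0].equals(param))
            throw new SecurityException(param + ": reference belongs to " + entry[0]);
        return entry[1];
    }

    public static void main(String[] args) {
        IndirectParams session = new IndirectParams();
        // Constructed values, taken from the link in the announcement.
        String link = "http://www.host.com?data1=" + session.hide("data1", "12")
                + "&data2=" + session.hide("data2", "24");
        System.out.println(link);
        System.out.println("data2 -> " + session.resolve("data2", "1"));
        // Tampered inputs: a raw identifier, another parameter's index, junk.
        for (String tampered : new String[] {"24", "0", "x", "+1"}) {
            try {
                session.resolve("data2", tampered);
                System.out.println("accepted " + tampered);
            } catch (SecurityException e) {
                System.out.println("rejected " + tampered + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Because the client only ever sees indices, the same lookup gives both properties named in the announcement: the database identifiers stay on the server, and any value the server did not issue for that parameter fails to resolve.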