I know of two general categories of security issues: First, all security issues that apply to Web Applications apply to Struts. Fortunately, there is lots of documentation in the web, a few books, and quite a few tools that test the security of your web application.
Second, *use a recent version of Struts*. As struts security flaws are discovered they are patched, but not long ago I discovered that security patches are not applied to all old versions. For example, don't even think of using Struts 1.1 (yes, it is still being used by many corporations that chose IBM RAD as their IDE). And if you use Struts 1.2.x make sure you use at least version 1.2.9. I don't know of any, but it is quite possible that other security flaws were discovered and fixed in newer releases since I last checked. Bruno -----Original Message----- From: Prabhakar Natarajan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 14, 2007 5:02 AM To: [email protected] Subject: Security issues in Struts Hi all, Does any one has list of security issues we have to take while using struts framework. Regards, Prabhakar --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
