Well, just a thought. Of course I will turn it off. Since this is potiential security holes, how come this is not turn off by default?
Louis ________________________________ From: Dale Newfield <[email protected]> To: Struts Users Mailing List <[email protected]> Sent: Thursday, August 13, 2009 6:13:42 PM Subject: Re: How to prevent user invoke a method? [email protected] wrote: > I just wondering in case DyanmicMethodInvocation is require I believe that this is a mistake. I believe that setting DynamicMethodInvocation to "true" opens too many potential security holes. Why do you believe your application requires this to be set to "true"? Couldn't you get the same capabilities simply by adding some additional action definitions, and not opening this can of worms? -Dale --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
