Well, just a thought. Of course I will turn it off. Since this is potiential security holes, how come this is not turn off by default?
Louis ________________________________ From: Dale Newfield <d...@newfield.org> To: Struts Users Mailing List <user@struts.apache.org> Sent: Thursday, August 13, 2009 6:13:42 PM Subject: Re: How to prevent user invoke a method? mailtolouis2020-str...@yahoo.com wrote: > I just wondering in case DyanmicMethodInvocation is require I believe that this is a mistake. I believe that setting DynamicMethodInvocation to "true" opens too many potential security holes. Why do you believe your application requires this to be set to "true"? Couldn't you get the same capabilities simply by adding some additional action definitions, and not opening this can of worms? -Dale --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
