Hello, I (my IDE) noticed a warning showing that my Struts 2 Actions (they extend com.opensymphony.xwork2.ActionSupport) may be deserialized, compromising security.
The IDE (IntelliJ 8.1) further states that the class may be deserializable as it supports the Serializable interface (ActionSupport does) and its readObject() method is not defined to immediately throw an error.

Please excuse my naivety or if this is off-topic, but is this safe? Furthermore, how can I override the readObject() method as suggested and throw an error without compromising functionality within Struts?

As an aside, if this warning can safely be addressed, why doesn't ActionSupport override readObject() to avoid this?

Thanks,
Lee
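
The readObject() pattern the IDE warning refers to, as an added example that is not part of the original post and is not Struts code: a class that inherits Serializable from its parent declares a private readObject() that throws, so the Java serialization runtime refuses to rebuild instances of it. Assumptions: BaseAction is a hypothetical stand-in for a Serializable framework base class such as ActionSupport, so the demo runs without Struts on the classpath; OpenAction and GuardedAction are illustrative names.

```java
import java.io.*;

public class BlockDeserializationDemo {
    // Hypothetical stand-in for a framework base class that implements Serializable.
    static class BaseAction implements Serializable {
        private static final long serialVersionUID = 1L;
        public String execute() { return "success"; }
    }

    // Inherits Serializable and defines no readObject(): the case the IDE flags.
    static class OpenAction extends BaseAction {
        private static final long serialVersionUID = 1L;
    }

    // Same parent, but deserialization is refused.
    static class GuardedAction extends BaseAction {
        private static final long serialVersionUID = 1L;

        // Must be private with exactly this signature, or the serialization
        // runtime ignores it. It is called while the stream is being read,
        // so throwing here aborts reconstruction of the object.
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            throw new NotSerializableException(getClass().getName());
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static String tryDeserialize(byte[] bytes) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return "deserialized " + in.readObject().getClass().getSimpleName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println(tryDeserialize(serialize(new OpenAction())));
        System.out.println(tryDeserialize(serialize(new GuardedAction())));
        // Ordinary method calls on the guarded class are unaffected.
        System.out.println(new GuardedAction().execute());
    }
}
```

The guard only affects Java serialization; any code path that writes the object out and reads it back, such as a container persisting session attributes, will hit the exception on the read side.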