Why don't we agree to build something that will work well when used properly and let the "idjits" get idjits?
Jack

On Wed, 16 Mar 2005 14:03:59 -0800, Martin Cooper <[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005 15:53:35 -0600, Michael Rasmussen
> <[EMAIL PROTECTED]> wrote:
> >
> > > I understand what you're suggesting, and on the face of it, it seems
> > > like a nice idea. However, I fear that including such a mechanism in
> > > Struts would lead to serious security vulnerabilities in some people's
> > > applications. This is because essentially *any* method on the POJO
> > > could end up being invoked accidentally or maliciously. We had an
> >
> > Isn't that only true if the form is getting its contract from the html
> > form rather than the VO?
> >
> > I am assuming the vulnerability is that someone could add a parameter
> > to their request url and inject the value into the form, arbitrarily
> > calling a public "logMeIn()" method.
> >
> > If however you were to create the contract from the VO, the logMeIn
> > parameter will just be ignored. Is that incorrect? I'm asking
> > because I'm curious about the issue.
>
> The problem is that you can't guarantee that the classes people use
> this with are true VOs. Just as some people attempt to equate form
> beans with business beans today, some people would attempt to generate
> the form beans from their business beans directly with this mechanism,
> thus unwittingly exposing all of their business logic methods in a way
> that they could potentially be invoked through an additional request
> parameter.
>
> --
> Martin Cooper
>
> > > issue like this with ActionForm some time ago, until someone pointed
> > > it out to us.
> > >
> > > --
> > > Martin Cooper

--
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~
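The binding problem the thread is arguing about, as an added illustration rather than code from the thread or from Struts: a constructed Account bean whose business method logMeIn() becomes reachable when request parameters are mapped onto methods by name, beside a binder whose contract is an explicit list of declared property names (the VO-derived contract Michael describes, written here as a hand-maintained allowlist). Struts' real BeanUtils population is not shown; the class, method and parameter names are assumed.

```java
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;

public class FormBindingDemo {

    // Constructed "business bean" that a developer might reuse directly as a form bean.
    // logMeIn() is business logic, not a form property, and must not be request-reachable.
    public static class Account {
        private String username;
        private boolean loggedIn;
        public void setUsername(String u) { username = u; }
        public boolean isLoggedIn() { return loggedIn; }
        public void logMeIn() { loggedIn = true; }
    }

    static String capitalize(String s) {
        return Character.toUpperCase(s.charAt(0)) + s.substring(1);
    }

    // Risky: each request parameter selects a public method by name, so the client's
    // parameter set decides which methods run, including no-arg business methods.
    static void bindByName(Object bean, Map<String, String> params) throws Exception {
        for (Map.Entry<String, String> e : params.entrySet()) {
            for (Method m : bean.getClass().getMethods()) {
                if (m.getName().equals("set" + capitalize(e.getKey())) && m.getParameterCount() == 1) {
                    m.invoke(bean, e.getValue());
                } else if (m.getName().equals(e.getKey()) && m.getParameterCount() == 0) {
                    m.invoke(bean);
                }
            }
        }
    }

    // Hardened: the contract is the declared property list, not the request. Undeclared
    // parameters are ignored, and only the String setter of a declared name is ever called.
    static void bindDeclared(Object bean, Map<String, String> params, Set<String> declared) throws Exception {
        for (String name : declared) {
            String value = params.get(name);
            if (value == null) continue;
            bean.getClass().getMethod("set" + capitalize(name), String.class).invoke(bean, value);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed request: the expected "username" plus an unexpected "logMeIn" parameter.
        Map<String, String> request = Map.of("username", "alice", "logMeIn", "");
        Account a = new Account();
        bindByName(a, request);
        System.out.println("by-name binding:  loggedIn=" + a.isLoggedIn());
        Account b = new Account();
        bindDeclared(b, request, Set.of("username"));
        System.out.println("declared binding: loggedIn=" + b.isLoggedIn());
    }
}
```

With the by-name binder the extra parameter flips loggedIn to true because logMeIn() is invoked; with the declared-property binder the same request leaves it false, which is the "ignored parameter" behaviour Michael expects, and Martin's objection is that nothing forces the declared list to come from a true VO rather than from the business bean itself.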