subject:"\[jira\] \[Updated\] \(WW\-4728\) JSONValidationInterceptor change ststic parameters names"

[jira] [Updated] (WW-4728) JSONValidationInterceptor change ststic parameters names

2016-12-20 Thread Lukasz Lenart (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Lenart updated WW-4728:
--
Fix Version/s: 2.5.next

> JSONValidationInterceptor change ststic parameters names
> 
>
> Key: WW-4728
> URL: https://issues.apache.org/jira/browse/WW-4728
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - JSON
>Reporter: Alireza Fattahi
> Fix For: 2.5.next
>
>
> For security reasons I want to not reveal that we are using struts2 in our 
> site. But the hackers can find it if they see the hidden parameters in the 
> request.
> Is it possible to make below parameters configurable ( For example in 
> struts.xml)
> {code}
> public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
> public static final String VALIDATE_JSON_PARAM = 
> "struts.enableJSONValidation";
> public static final String NO_ENCODING_SET_PARAM = 
> "struts.JSONValidation.no.encoding";
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4728) JSONValidationInterceptor change ststic parameters names

2016-12-20 Thread Alireza Fattahi (JIRA)


 [ 
https://issues.apache.org/jira/browse/WW-4728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alireza Fattahi updated WW-4728:

Description: 
For security reasons I want to not reveal that we are using struts2 in our 
site. But the hackers can find it if they see the hidden parameters in the 
request.

Is it possible to make below parameters configurable ( For example in 
struts.xml)

{code}
public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
public static final String NO_ENCODING_SET_PARAM = 
"struts.JSONValidation.no.encoding";
{code}

  was:
For security reasons I want to not reveal that we are using struts2 in our 
site. But the hackers can find it if they see the hidden parameters in the 
request.

Is it possible to make below parameters configurable ( For example in 
struts.xml)


public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
public static final String VALIDATE_JSON_PARAM = 
"struts.enableJSONValidation";
public static final String NO_ENCODING_SET_PARAM = 
"struts.JSONValidation.no.encoding";



> JSONValidationInterceptor change ststic parameters names
> 
>
> Key: WW-4728
> URL: https://issues.apache.org/jira/browse/WW-4728
> Project: Struts 2
>  Issue Type: Bug
>  Components: Plugin - JSON
>Reporter: Alireza Fattahi
>
> For security reasons I want to not reveal that we are using struts2 in our 
> site. But the hackers can find it if they see the hidden parameters in the 
> request.
> Is it possible to make below parameters configurable ( For example in 
> struts.xml)
> {code}
> public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
> public static final String VALIDATE_JSON_PARAM = 
> "struts.enableJSONValidation";
> public static final String NO_ENCODING_SET_PARAM = 
> "struts.JSONValidation.no.encoding";
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (WW-4728) JSONValidationInterceptor change ststic parameters names

[jira] [Updated] (WW-4728) JSONValidationInterceptor change ststic parameters names

2 matches

Site Navigation

Mail list logo

Footer information