unsubscribe
-Original Message-
From: Robert Leland [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 16, 2000 8:12 AM
To: [EMAIL PROTECTED]
Subject: Re: *.jsp "back door" issue
Great ! Did Duane Fields (WDJSP) contact you ? He indicated that he had a
much
more comprehensi
Colin Sampaleanu wrote:
> > -Original Message-
> > From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> > Sent: November 15, 2000 8:51 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: *.jsp "back door" issue
> >
> > Joel Schneider wr
> -Original Message-
> From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
> Sent: November 15, 2000 8:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: *.jsp "back door" issue
>
> Joel Schneider wrote:
>
> > Description of Problem:
> >
Great ! Did Duane Fields (WDJSP) contact you ? He indicated that he had a
much
more comprehensive package that he had written for a client
that he would donate to struts.
Originally, I had the token tied in with the standard hidden field
name. I was going to rework the code into a better form, so
Robert Leland wrote:
> > ActionServlet and added code to set a request attribute named
> > "ActionServlet":
> >
> > private static final Boolean boolTrue = new Boolean(true);
> > ...
> > request.setAttribute("ActionServlet", boolTrue);
> >
>
> I submitted some code back in about Oct 1
Joel Schneider wrote:
> Description of Problem:
>
> A typical Struts based web site might be configured to have requests
> matching the pattern"*.do" sent to the ActionServlet. After a request is
> handled by its Action class, processing is typically forwarded to a .jsp
> page.
>
> However, it's
On Wed, 15 Nov 2000, Oleg V Alexeev wrote:
> Hello David,
>
> Tuesday, November 14, 2000, 11:19:40 PM, you wrote:
>
> DG> Joel Schneider wrote:
>
> >> However, it's also possible for users to directly request a .jsp page.
> >> When this happens, the JSP container (in my case, Orion) will proce
Hello David,
Tuesday, November 14, 2000, 11:19:40 PM, you wrote:
DG> Joel Schneider wrote:
>> However, it's also possible for users to directly request a .jsp page.
>> When this happens, the JSP container (in my case, Orion) will process the
>> .jsp page without any involvement by the ActionSer
> ActionServlet and added code to set a request attribute named
> "ActionServlet":
>
> private static final Boolean boolTrue = new Boolean(true);
> ...
> request.setAttribute("ActionServlet", boolTrue);
>
I submitted some code back in about Oct 10 to struts-dev
that would prevent th
> -Original Message-
> From: David Geary [mailto:[EMAIL PROTECTED]]
> Sent: November 14, 2000 3:20 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: *.jsp "back door" issue
>
> Joel Schneider wrote:
>
> > Description of Probl
On Tue, 14 Nov 2000, David Geary wrote:
> Joel Schneider wrote:
>
> > Description of Problem:
> >
> > A typical Struts based web site might be configured to have requests
> > matching the pattern"*.do" sent to the ActionServlet. After a request is
> > handled by its Action class, processing is
Joel Schneider wrote:
> Description of Problem:
>
> A typical Struts based web site might be configured to have requests
> matching the pattern"*.do" sent to the ActionServlet. After a request is
> handled by its Action class, processing is typically forwarded to a .jsp
> page.
>
> However, it's
Description of Problem:
A typical Struts based web site might be configured to have requests
matching the pattern"*.do" sent to the ActionServlet. After a request is
handled by its Action class, processing is typically forwarded to a .jsp
page.
However, it's also possible for users to directly
13 matches
Mail list logo
