Hmm... Of course, the next question should probably be raised if it's
a good idea to base your security model on paths that don't even exist
in reality...
It seems a bit odd to me to place your trust on how the URI string
will be handled internally. If there isn't such a path as
.../protected/...,
Well, in my opinion that author is using faulty logic. He offers a poor
security implementation and then blames the Struts code for a hole in
it. However, it's good to imagine every possible means of a security
breach, so I appreciate you bringing it up.
Erik
Christian Bollmeyer wrote:
On Sunda
On Sunday 20 February 2005 16:52, Erik Weber wrote:
> Could you elaborate please? Is this a Servlet model security problem,
> one specific to Struts, or one that is only exposed by neglect in
> some other area (which is what I suspect)? This is news to me. I've
> used path mapping all my Java life.
Could you elaborate please? Is this a Servlet model security problem,
one specific to Struts, or one that is only exposed by neglect in some
other area (which is what I suspect)? This is news to me. I've used path
mapping all my Java life. I've also posted numerous path-mapping
strategies on th
On Friday 18 February 2005 19:00, Erik Weber wrote:
> Learn to use (Servlet) path mapping ("/something/*") instead of
> extension mapping ("*.something").
Hm. Extension mapping is typically safe, while path-prefix
mapping may be *not*. The details are laid out in
Bergsten's 'Java Server Pages' 2nd
This is Friday, so I will confess that I have always wanted to use
*.asp or *.php as my Struts mapping.
:-)
Larry
On Fri, 18 Feb 2005 13:00:14 -0500, Erik Weber <[EMAIL PROTECTED]> wrote:
> Learn to use (Servlet) path mapping ("/something/*") instead of
> extension mapping ("*.something").
>
>
My impression was that Struts 1.2 picks up whatever mapping you use in
your web.xml to map requests to the ActionServlet.
So, if you map it to
/something/*
you will be able to invoke your action with this url:
www.url.com/webapp/something/selectServices
Anyone please correct me if I am wrong.
Learn to use (Servlet) path mapping ("/something/*") instead of
extension mapping ("*.something").
Erik
Burns, Scott wrote:
Can a page be displayed without using the action path mapping + (.do)
if I have this in my config.
type="org.apache.struts.actions.ForwardAction"
scope="request"
parameter=
Can a page be displayed without using the
action path mapping + (.do)
if I have this in my config.
type="org.apache.struts.actions.ForwardAction"
scope="request"
parameter="/SelectServices.jsp">
A url like this http://myhost/somecontext/selectServices.do
will work
How do I set it up so http: