[Stripes-dev] [JIRA] Commented: (STS-811) Make @StrickBinding @Validate "on" aware

Thu, 17 Feb 2011 06:41:00 -0800 

    [ 
http://www.stripesframework.org/jira/browse/STS-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12212#comment-12212
 ] 

Jacob Champlin commented on STS-811:
------------------------------------

Sorry about the Title, I don't see how to fix.

> Make @StrickBinding  @Validate "on" aware
> -----------------------------------------
>
>                 Key: STS-811
>                 URL: http://www.stripesframework.org/jira/browse/STS-811
>             Project: Stripes
>          Issue Type: Improvement
>          Components: Validation
>    Affects Versions: Release 1.5.5
>         Environment: N/A
>            Reporter: Jacob Champlin
>              Labels: binding
>
> I would like to request that @StrictBinding  only bind a url parameter if the 
> @Validate annotation has the action called in the "on" attribute.
> The @StrictBinding was a great addition!!  It was such a huge security threat 
> to bind every member in the ActionBean.  Especially combined with hibernates 
> auto flushing.
> However, If you use your ActionBean for say all your CRUD operations.  Then 
> your all your operations are subject to the Superset of binding for that 
> ActionBean.  IE  your "read" operation can potentually bind anything your 
> "create" operation requires.
> There are lots of solutions for this including putting each operation into 
> its own Action, or having a different binding bean for each operation.  I 
> don't think either of these would be as clean as makeing use of the @Validate 
> on="read" metadata.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development

Reply via email to