wwwclaes wrote:
Hi, we have an S2 application with a lot of actions that are supposed to be
called from html forms. Since a few weeks ago something or someone has
started calling these actions directly, hence the required input values are
missing (which generate a lot of error mails to us administrators).
What might be causing this? Of course, we may have gotten some new, very
stubborn, users but due to the sudden frequency and pattern of the calls my
first bet would be some kind of automatic crawler. Some of the actions
require authentication, so it is not Google & Co. Could some kind of "web
page prefetching" cause this? Or any other ideas?
Anyway, I guess one solution would be to mark all expected input values as
required using S2 validation. However, it would be a bit cumbersome and
repetitive. To keep the application clean, I don't think it would be bad to
keep its current design with relying on form input values to be there (if
it's a combo box for instance, of course not for user entered text fields).
Can you think of some simpler means to stop these errors from occurring and
still keep it simple and Struts-wise?
If inputs are required they absolutely should be marked as such in the
validation rules. Leaving out such checks leaves you wide open to data
integrity issues at the very least.
As far as figuring out where these 'bogus' requests originate, look at
the referer logs or add some network-level monitoring.
Fixing you validation so error messages go to the users rather than the
administrators is probably the sane solution, though :-)
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
