Re: security impact after enabling back the "action:" prefix in Struts 2.3.15.3

2013-12-01 Thread Lukasz Lenart
2013/11/26 Miguel Almeida : > Picking up on this topic, I noticed that disabling this feature will > break any JSPs where you've set the action in the tag instead > of the tag. > > This is particularly problematic in situations where for some reason > you have one form with two submit tags, sinc

Re: security impact after enabling back the "action:" prefix in Struts 2.3.15.3

2013-12-01 Thread Krassen Deltchev
Dear Miguel! Thank you very much for your thoughts on the problem and your feedback! Keep the good work up! All the best! krassen On 26.11.13 10:19, Miguel Almeida wrote: > Picking up on this topic, I noticed that disabling this feature will > break any JSPs where you've set the action in the

Re: How to install Struts?

2013-12-01 Thread Yaragalla Muralidhar
You can start with struts blank war file that comes with Struts distribution. It will be really a good start for you. *Thanks and Regards,* Muralidhar Yaragalla. *http://yaragalla.blogspot.in/ * On Sun, Dec 1, 2013 at 7:16 PM, Martin Gainty wrote: > From Tomcat

RE: How to install Struts?

2013-12-01 Thread Martin Gainty
From Tomcat Manager Application Last textfield is "Select WAR file to upload" upload $STRUTS2_HOME/apps/showcase.war start showcase Pingback if you see any errors Cordial greetings from the USA! Martin __ Porfavor..no altere ni interrump

Re: Concealing primary key in web application with struts 2 from security perspective?

2013-12-01 Thread Maurizio Cucchiara
The easiest way is to store the user id on the current session. If you have no other alternatives and you have to pass the user id through the request, then make the id unpredictable:
* use uuid
* rely on and check against one other value at least (for instance id+email)
* use cryptography (f.i. sh