Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-29 Thread bphill...@ku.edu
eters\...* and include in the tutorial text both options. Thanks for the help. -- View this message in context: http://struts.1045723.n5.nabble.com/Security-Vulnerability-When-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5525787

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-29 Thread Łukasz Lenart
2012/2/28 bphill...@ku.edu : > Lukasz - I agree with you, but until a new version of Struts 2 is released > that includes a fix for this vulnerability, I'd like to tell Struts 2 > developers what to do when implementing the SessionAware interface to > mitigate the vulnerability. > > If you could lo

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-28 Thread bphill...@ku.edu
itial post and provide any feedback on that I'd certainly appreciate your comments. -- View this message in context: http://struts.1045723.n5.nabble.com/Security-Vulnerability-When-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5523338.html

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-28 Thread Łukasz Lenart
I think we should simply implement what was mentioned in WW-3631 to solve that potential vulnerability. Kind regards -- Łukasz Mobile +48 606 323 122 Office +27 11 0838747 http://www.lenart.org.pl/ Warszawa JUG conference - Confitura http://confitura.pl/

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-27 Thread bphill...@ku.edu
n-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5519824.html

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-27 Thread Greg Lindholm
") ) { > >> > >>allowedParameterName = false ; > >> > >> } > >> > >>return allowedParameterName; > >>

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-27 Thread Gabriel Belingueres
"request") ) { >> >>                        allowedParameterName = false ; >> >>                } >> >>                return allowedParameterName; >>        } >> >> I'd certainly appreciate any feedback on best practices to follow

Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-27 Thread Greg Lindholm
tices to follow when > implementing the SessionAware interface and how to mitigate the security > vulnerability. > > Thank You, > > Bruce Phillips > > > > -- > View this message in context: > http://struts.1045723.n5

Security Vulnerability When Using SessionAware and Best Practice For Mitigating It

2012-02-21 Thread bphill...@ku.edu
ementing the SessionAware interface and how to mitigate the security vulnerability. Thank You, Bruce Phillips -- View this message in context: http://struts.1045723.n5.nabble.com/Security-Vulnerability-When-Using-SessionAware-and-Best-Practice-For-Mitigating-It-tp5502292p5502292.html