hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
We are putting some websites open to all IP addresses using Appservers. We have successfully stayed well within JSTL and Struts. My google searches didn't get me to any open information on how to use struts in a safe manner. So, I had to start inventing the wheel. I hope I didn't spend this much

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
Sure. I never mentioned that I was adding totally new functionality to struts. If you feel comfortable typing in struts validations in each and every form class of each and every application, who can stop you? And you are also quite free to edit each and every one of them should you want to

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
You may have a point there about me needing to take a better look at the current Validator. But, from what you write below, do you want me to do the following for --every-- form in my application? Is there a 'global-validation' available in the latest validator? -Original Message- From:

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
tils.getInstance().filter(value.toString()); } Perhaps you should upgrade your Struts deployment to avoid duplicating work for yourself. (IMHO) Regards, David -----Original Message- From: Seetamraju, Uday [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 2:01 PM To: Struts Users Ma

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
Like you, that's what I thought initially, until the security scanning application report hit me. For each simulated attack (including null-characters and other characters) our *.do URLs were showing errors and exceptions in all their full glory right on the web page. That was the basis for my i

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
a global-validation type scheme is kind of a cool idea - if you look into validator and decide you want to extend it to include a global-validation, be sure to contribute back to the commons validator people :) Matt Seetamraju, Uday wrote: > You may have a point there about me needin

RE: hacker-proofing Struts-based exposed websites

2004-11-03 Thread Seetamraju, Uday
> -Original Message- > From: Matt Bathje [mailto:[EMAIL PROTECTED] > Just hope they don't break your programming policies and extend > ValidatorForm (or just use DynaValidatorForm!) instead of extending > SafeValidatorForm :) Well, it's easier than wondering if all the validations are imp

anon cvs pserver

2004-11-04 Thread Seetamraju, Uday
This will be my first attempt to directly add to an FOSS project. Even tho' I am very comfortable with CVS command line (and eclipse/gcvs too) I wanted to know whether I can do the following :- use anon pserver login to checkout the latest src. Try something. If it works, request non-anon acce

RE: Multibox deselection problem

2004-11-26 Thread Seetamraju, Uday
For simple use-n-throw (non-dynaforms?) forms, a much better *generic* solution :- At the VERY BOTTOM (please note the caps to get your attention ;-) ) of the JSP that displays the form :- <% MyForm frm = (MyForm) request.getAttribute("formname"); frm.reset(); %> In scenarios wher

RE: action forwards to target frames

2004-11-26 Thread Seetamraju, Uday
I have never found any luck on google, but the top secret solution for such things is whispered as :- HTTP Headers Now I honestly do not know how to set the **EXACT-SPECIFIC** HTTPRequest headers. In the header supposedly, you can specify something similar to the "target=..." at

RE: Multibox deselection problem

2004-11-26 Thread Seetamraju, Uday
Use disabled instead of readonly. IIRC, HTML rarely uses readonly -- it's mostly disabled attribute everywhere. It works just fine for me. > -Original Message- > From: Olivier Croisier [mailto:[EMAIL PROTECTED] > Sent: Monday, November 15, 2004 4:10 AM > To: Struts Users Mailing List >

RE: struts and applets

2004-11-26 Thread Seetamraju, Uday
In the applet, open the URL("http://myserver/mywebapp/appletSupport.do?param1=x&param2=y"); And read the response. Alternatively, you can URL("http://myserver"); and write to the opened URL as :- GET /mywebapp/appletSupport.do?param1=x&param2=y This works for HTTPS also I believe. > -Origi

RE: Help with Exception handling

2004-11-26 Thread Seetamraju, Uday
I don't like to let the exception go as is, since I need the stack trace. Don't you wanna know what went wrong? The following works wonderfully, -- I have :- Note my key! My system failure URL is mapped in web.xml to a simple JSP with customer service tel#. public class MyExceptionHan

JSF and non-struts controllerServlets

2004-12-02 Thread Seetamraju, Uday
(If JSF can work with Struts controller, then someone here can give me tips). I am asked to upgrade an application that is based on the circa-2001 Model 2 JSP/controllerservlet architecture. Given the amount of JSP work, I am strongly proposing (here in my company) to switch to JSF. I have a spe