Le 25/09/2013 15:37, bphill...@ku.edu a écrit : > "If not, how is it possible to not use DMI ? " > > See - http://struts.apache.org/release/2.3.x/docs/getting-started.html - the > tutorial on using Wildcard Method Selection may be helpful. Ok, but i mean how is it possible to not use DMI "with struts convention plugin". We prefer the convention over configuration approch. > Using the ! (bang) operator and dynamic method invocation is a security > problem. See: > http://www.brucephillips.name/blog/index.cfm/2011/2/19/Struts-2-Security-Vulnerability--Dynamic-Method-Invocation Ok, i understand the problem. But according to mentionned good practices, it's seams to not be a real issue for us.
-- Éric Chatellier - Code Lutin Tel: 02.40.50.29.28 - http://www.codelutin.com --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
