Any plans for a Struts 2 port?

regards
musachy

On 4/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hi all,

HDIV project is an Apache-licensed Struts' Security extension that adds security functionalities to Struts 1.x, maintaining the API and Struts specification. This implies that we can use HDIV in applications developed in Struts in a transparent way to the programmer and without adding any complexity to the application development.

The security functionalities added to the original Struts version are these:

INTEGRITY: HDIV guarantees integrity (no data modification) of all the data generated by the server which should not be modified by the client (links, hidden fields, combo values, radio buttons, destiny pages, etc.).

CONFIDENTIALITY: HDIV guarantees the confidentiality of non editable data as well. Usually lots of the data sent to the client has key information for the attackers such as database registry identifiers, column or table names, web directories, etc. All these values are hidden by HDIV to avoid a malicious use of them. For example a link of this type, http://www.host.com?data1=12&data2=24 is replaced by http://www.host.com?data1=0&data2=1, guaranteeing confidentiality of the values representing database identifiers.

The new release includes a number of new features centered around cookies and editable data validation:

- Cookie confidentiality and integrity validation.

- Editable data validation (textbox and textarea): HDIV eliminates to a large extent the risk originated by attacks of type Cross-site scripting (XSS) and SQL Injection using generic validations of the editable data (text and textarea). The user will have to configure generic validations through rules in XML format, reducing or eliminating the risk against attacks based on the defined restrictions.

You can have a look at it at http://www.hdiv.org

In addition to that there is a quick introduction about HDIV using OWASP
top ten 2007 as reference at http://www.hdiv.org/docs/hdiv.ppt.

Regards,

Roberto Velasco Sarasola






--
"Hey you! Would you help me to carry the stone?" Pink Floyd
