struts-dev mailing list archives

From Jeromy Evans <jeromy.ev...@blueskyminds.com.au>
Subject Re: OGNL and parameters
Date Thu, 17 Jul 2008 04:05:43 GMT
Musachy Barroso wrote:
> Should we continue to use OGNL for parameter binding? This creates so
> many possible security holes, in exchange for pretty much nothing,
> when parameter names should be simple (indexing + the old A.B.C
> notation).
>
> Are there any use cases where the full OGNL power is needed, for
> parameter binding?
>
> musachy
>
>   
I haven't seen any obstacles to a change like that. It would be nice if
we could reuse a param binding implementation with type-conversion from
somewhere else rather than reinvent another.

It's a shame though; the current approach is logical if it wasn't so 
open to clever exploits.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
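
The restriction discussed in this thread (parameter names limited to A.B.C notation plus indexing) can be enforced by parsing names against a fixed grammar instead of evaluating them as expressions. The sketch below is an added example, not part of the thread and not Struts code; the class name `SimpleParamName`, the length and index limits, and the sample names are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration (hypothetical class, not Struts code): accept only
 *  "simple" parameter names, i.e. A.B.C notation plus numeric indexing. */
public class SimpleParamName {
    // One dotted part: an ASCII identifier followed by zero or more [digits].
    private static final Pattern SEGMENT =
        Pattern.compile("([A-Za-z_][A-Za-z0-9_]*)((?:\\[\\d{1,9}\\])*)");
    private static final Pattern INDEX = Pattern.compile("\\[(\\d+)\\]");

    /** Returns the path steps, or null if the name is not a simple path. */
    public static List<String> parse(String name) {
        // Assumed limit: reject empty or very long names outright.
        if (name == null || name.isEmpty() || name.length() > 128) return null;
        List<String> steps = new ArrayList<>();
        // limit -1 keeps empty parts, so "a..b" and "a." are rejected below
        for (String part : name.split("\\.", -1)) {
            Matcher m = SEGMENT.matcher(part);
            if (!m.matches()) return null;   // anything outside the grammar is refused
            steps.add("property:" + m.group(1));
            Matcher idx = INDEX.matcher(m.group(2));
            // at most 9 digits were allowed above, so parseInt cannot overflow
            while (idx.find()) steps.add("index:" + Integer.parseInt(idx.group(1)));
        }
        return steps;
    }

    public static void main(String[] args) {
        // Constructed sample names: the first two are simple paths, the rest are not.
        String[] samples = {
            "user.address.city", "items[0].name",
            "a.b()", "#x", "a+b", "a..b", "items[x]"
        };
        for (String s : samples) {
            List<String> steps = parse(s);
            System.out.println(s + " -> " + (steps == null ? "rejected" : steps));
        }
    }
}
```

A binder built on this would walk the returned steps with plain property and list access plus type conversion, so a name that fails to parse is dropped before any evaluation takes place.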

