struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musachy Barroso" <musa...@gmail.com>
Subject OGNL and parameters
Date Wed, 16 Jul 2008 17:56:16 GMT
Should we continue to use OGNL for parameter binding? This creates so
many possible security holes, in exchange for pretty much nothing,
when parameter names should be simple (indexing + the old A.B.C
notation).

Are there any uses cases where the full OGNL power is needed, for
parameter binding?

musachy

-- 
"Hey you! Would you help me to carry the stone?" Pink Floyd

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message