struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: [struts-dev] Re: Ultimate way to solve problems with Ognl
Date Fri, 23 May 2014 11:55:39 GMT
2014-05-23 13:51 GMT+02:00 Christoph Nenning <Christoph.Nenning@lex-com.net>:
> Add another preference to enable white listing ?
>
> So the framework would work out of the box (with security that is ok but
> can be improved) and users taking security serious can enable it.

Yes, that's my idea - add two new constanta, ie. struts.allowedClasses
and struts.allowedPackageNamePatterns - and add description here [1]
then users can used them if they want

[1] http://struts.apache.org/release/2.3.x/docs/security.html


Regards
-- 
Ɓukasz
+ 48 606 323 122 http://www.lenart.org.pl/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message