struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lukasz Lenart (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4375) improve security check performance
Date Mon, 14 Jul 2014 05:16:05 GMT

    [ https://issues.apache.org/jira/browse/WW-4375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060339#comment-14060339
] 

Lukasz Lenart commented on WW-4375:
-----------------------------------

Did you perform any benchmarks on that? Anyway, I'm planing to remodel how expressions are
passed around - instead using simple String I would like to have a dedicated class which will
represents the expression itself, its state and origins (client input, struts configuration,
etc). Thus should allow reduce security checks

> improve security check performance
> ----------------------------------
>
>                 Key: WW-4375
>                 URL: https://issues.apache.org/jira/browse/WW-4375
>             Project: Struts 2
>          Issue Type: Improvement
>    Affects Versions: 2.3.18
>            Reporter: zhouyanming
>             Fix For: 2.5
>
>
> currently struts is a little low performance because we must do much security check,I
think struts should provide two ways for security check,One for client inputs and the other
for non-inputs.client inputs must use the most strict check.and server side expressions could
skip most check,it will improve performance because most of access is from server side.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message