struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alireza Fattahi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WW-4728) JSONValidationInterceptor change ststic parameters names
Date Wed, 21 Dec 2016 05:14:58 GMT

     [ https://issues.apache.org/jira/browse/WW-4728?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alireza Fattahi updated WW-4728:
--------------------------------
    Description: 
For security reasons I want to not reveal that we are using struts2 in our site. But the hackers
can find it if they see the hidden parameters in the request.

Is it possible to make below parameters configurable ( For example in struts.xml)

{code}
public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";
{code}

  was:
For security reasons I want to not reveal that we are using struts2 in our site. But the hackers
can find it if they see the hidden parameters in the request.

Is it possible to make below parameters configurable ( For example in struts.xml)

````
public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
    public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
    public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";



> JSONValidationInterceptor change ststic parameters names
> --------------------------------------------------------
>
>                 Key: WW-4728
>                 URL: https://issues.apache.org/jira/browse/WW-4728
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Plugin - JSON
>            Reporter: Alireza Fattahi
>
> For security reasons I want to not reveal that we are using struts2 in our site. But
the hackers can find it if they see the hidden parameters in the request.
> Is it possible to make below parameters configurable ( For example in struts.xml)
> {code}
> public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
> public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
> public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message