struts-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4891) Debug tag should not display anything when not in dev mode
Date Sun, 14 Jan 2018 15:01:05 GMT

    [ https://issues.apache.org/jira/browse/WW-4891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325614#comment-16325614 ]

ASF GitHub Bot commented on WW-4891:
------------------------------------

HedjuHor opened a new pull request #201: WW-4891 Debug tag should not display anything when
not in dev mode
URL: https://github.com/apache/struts/pull/201
 
 
   one solution
   if a user really wants to show the Debug Flag on his production release, he can use `<s:debug disabled="false"/>`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Debug tag should not display anything when not in dev mode
> ----------------------------------------------------------
>
>                 Key: WW-4891
>                 URL: https://issues.apache.org/jira/browse/WW-4891
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Tags
>    Affects Versions: 2.5.14
>            Reporter: Daniel Le Berre
>             Fix For: 2.6
>
>
> I noticed that the debug tag displays the content of the value stack independently of the value of devMode.
> I wonder if it would not be more secure to not display anything if devMode=false.
> I can imagine a developer forgetting to remove this kind of debug tag before the app goes to production. Making it silent in production mode would reduce the risk of displaying sensitive data.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
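
A pre-release check for the situation the issue describes, a debug tag left in a template that ships to production. This is an added example, not code from the Struts project or from the pull request. The function names and the sample template are hypothetical, and it assumes JSP templates that bind the Struts tags through a `taglib` directive with the URI `/struts-tags`.

```python
import re

# Assumption: templates bind the Struts tags through this taglib URI.
STRUTS_TAGLIB_URI = "/struts-tags"
TAGLIB_RE = re.compile(r"<%@\s*taglib\b(.*?)%>", re.S)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(["'])(.*?)\2""", re.S)
JSP_COMMENT_RE = re.compile(r"<%--.*?--%>", re.S)


def struts_prefixes(jsp):
    """Return the tag prefixes bound to the Struts taglib in this JSP source."""
    prefixes = set()
    for directive in TAGLIB_RE.finditer(jsp):
        attrs = {m.group(1): m.group(3) for m in ATTR_RE.finditer(directive.group(1))}
        if attrs.get("uri") == STRUTS_TAGLIB_URI and "prefix" in attrs:
            prefixes.add(attrs["prefix"])
    return prefixes


def blank_comments(jsp):
    """Replace JSP comments with spaces, keeping newlines so line numbers hold."""
    return JSP_COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), jsp)


def find_debug_tags(jsp):
    """Return (line, tag_text) for every debug tag outside JSP comments."""
    live = blank_comments(jsp)
    hits = []
    for prefix in sorted(struts_prefixes(live)):
        tag_re = re.compile(r"<%s:debug\b[^>]*>" % re.escape(prefix))
        for m in tag_re.finditer(live):
            hits.append((live.count("\n", 0, m.start()) + 1, m.group(0)))
    return sorted(hits)


# Constructed sample template, not taken from any real application.
SAMPLE = '''<%@ taglib prefix="s" uri="/struts-tags" %>
<%@ taglib uri="/struts-tags" prefix="st" %>
<html><body>
<%-- <s:debug/> left over from an earlier build --%>
<s:debug/>
<st:debug
    disabled="false"/>
</body></html>
'''

if __name__ == "__main__":
    for line, tag in find_debug_tags(SAMPLE):
        print("line %d: %s" % (line, tag))
```

The check reports tags under any prefix bound to the Struts taglib and ignores ones inside JSP comments, so it can gate a release build regardless of the devMode setting.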
