struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess
Date Thu, 31 Jan 2019 23:49:00 GMT

    [ https://issues.apache.org/jira/browse/WW-5012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16757812#comment-16757812
] 

ASF GitHub Bot commented on WW-5012:
------------------------------------

JCgH4164838Gh792C124B5 commented on pull request #324: Back-port WW-5012 improvements from
PR#323 to 2.5.x:
URL: https://github.com/apache/struts/pull/324
 
 
   Back-port WW-5012 improvements from PR#323 to 2.5.x:
   - Back-port improvements from PR#323:
     - Re-order SecurityMemberAccess to make public access check the 1st check.
     - Improvements to checkStaticMethodAccess().
   - Back-port improvements from PR#320 that aligned with PR#323's enhancement:
     - Make one public getter final.
     - Brought additional ordering improvements that align and make 2.5.x's implementation
easier to maintain.
   - Two improvements resulted directly from the back-porting:
     - Eliminated unnecessary boolean allow flag within the access check.
     - Eliminated a redundant call to !isClassExcluded(memberClass), implicitly possible due
to re-ordering.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Make a public state check the first acceptance check in SecurityMemberAccess
> ----------------------------------------------------------------------------
>
>                 Key: WW-5012
>                 URL: https://issues.apache.org/jira/browse/WW-5012
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.5.20
>         Environment: All environments.
>            Reporter: James Chaplin
>            Priority: Minor
>              Labels: performance, security
>             Fix For: 2.5.21, 2.6
>
>
> During discussion for WW-5004, a recommendation was made by two Apache Struts Team members
to adjust the sequence of calls in the SecurityMemberAccess module.
> The recommendation was to make the member's public state check (e.g. checkPublicMemberAccess())
the absolute first check made during acceptance checks).
> This improvement would look at implementing this change for the access check ordering,
and any minor enhancements that are applicable to the ordering change.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message