struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-5012) Make a public state check the first acceptance check in SecurityMemberAccess
Date Mon, 11 Feb 2019 15:17:00 GMT

    [ https://issues.apache.org/jira/browse/WW-5012?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16765058#comment-16765058
] 

ASF GitHub Bot commented on WW-5012:
------------------------------------

JCgH4164838Gh792C124B5 commented on pull request #324: Back-port WW-5012 improvements from
PR#323 to 2.5.x:
URL: https://github.com/apache/struts/pull/324
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Make a public state check the first acceptance check in SecurityMemberAccess
> ----------------------------------------------------------------------------
>
>                 Key: WW-5012
>                 URL: https://issues.apache.org/jira/browse/WW-5012
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.5.20
>         Environment: All environments.
>            Reporter: James Chaplin
>            Priority: Minor
>              Labels: performance, security
>             Fix For: 2.5.21, 2.6
>
>
> During discussion for WW-5004, a recommendation was made by two Apache Struts Team members
to adjust the sequence of calls in the SecurityMemberAccess module.
> The recommendation was to make the member's public state check (e.g. checkPublicMemberAccess())
the absolute first check made during acceptance checks).
> This improvement would look at implementing this change for the access check ordering,
and any minor enhancements that are applicable to the ordering change.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message