struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <>
Subject Re: How to prevent user invoke a method?
Date Thu, 13 Aug 2009 17:13:42 GMT wrote:
> I just wondering in case DyanmicMethodInvocation is require

I believe that this is a mistake.  I believe that setting 
DynamicMethodInvocation to "true" opens too many potential security 
holes.  Why do you believe your application requires this to be set to 
"true"?  Couldn't you get the same capabilities simply by adding some 
additional action definitions, and not opening this can of worms?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message