struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <d...@newfield.org>
Subject Re: How to prevent user invoke a method?
Date Thu, 13 Aug 2009 17:13:42 GMT
mailtolouis2020-struts@yahoo.com wrote:
> I just wondering in case DyanmicMethodInvocation is require

I believe that this is a mistake.  I believe that setting 
DynamicMethodInvocation to "true" opens too many potential security 
holes.  Why do you believe your application requires this to be set to 
"true"?  Couldn't you get the same capabilities simply by adding some 
additional action definitions, and not opening this can of worms?

-Dale

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message