File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Struts and the fly likes DMI problemas and issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "DMI problemas and issues" Watch "DMI problemas and issues" New topic
Author

DMI problemas and issues

Matheus Mendes
Ranch Hand

Joined: May 15, 2007
Posts: 66
Hi Guys !

Recently an issue relating to DMI was related in struts security bulletins, the following links show what I'm talking about:
http://struts.apache.org/release/2.3.x/docs/s2-019.html
http://struts.apache.org/release/2.3.x/docs/s2-018.html

I'm refactoring my Java application, and I saw that It is heavily based on DMI. My question is, what is the security flaw that I could be exposed ?

Thinking that DMI will just expose my public Action methods, one way or another It is already exposed in my application. I'm wondering if I'm being too simplistic and forgetting some blind spot that could lead me into real security issues.

[]s


The Death of one is a tragedy, but the Death of a million is just a statistic. Joseph Stalin

SCJP 6.0, SCJD
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: DMI problemas and issues
 
Similar Threads
Struts 2 upgrade tips
forwarding to different jsp pages in struts 2
Modules In Struts 2 (just like modules in struts 1)
Struts 2 action result
Enabling Disabling image in jsp.