This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Struts and the fly likes DMI problemas and issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "DMI problemas and issues" Watch "DMI problemas and issues" New topic
Author

DMI problemas and issues

Matheus Mendes
Ranch Hand

Joined: May 15, 2007
Posts: 66
Hi Guys !

Recently an issue relating to DMI was related in struts security bulletins, the following links show what I'm talking about:
http://struts.apache.org/release/2.3.x/docs/s2-019.html
http://struts.apache.org/release/2.3.x/docs/s2-018.html

I'm refactoring my Java application, and I saw that It is heavily based on DMI. My question is, what is the security flaw that I could be exposed ?

Thinking that DMI will just expose my public Action methods, one way or another It is already exposed in my application. I'm wondering if I'm being too simplistic and forgetting some blind spot that could lead me into real security issues.

[]s


The Death of one is a tragedy, but the Death of a million is just a statistic. Joseph Stalin

SCJP 6.0, SCJD
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: DMI problemas and issues
 
Similar Threads
Enabling Disabling image in jsp.
Struts 2 upgrade tips
forwarding to different jsp pages in struts 2
Struts 2 action result
Modules In Struts 2 (just like modules in struts 1)