Hi Guys !
Recently an issue relating to DMI was related in
struts security bulletins, the following links show what I'm talking about:
http://struts.apache.org/release/2.3.x/docs/s2-019.html
http://struts.apache.org/release/2.3.x/docs/s2-018.html
I'm refactoring my
Java application, and I saw that It is heavily based on DMI. My question is, what is the security flaw that I could be exposed ?
Thinking that DMI will just expose my public Action methods, one way or another It is already exposed in my application. I'm wondering if I'm being too simplistic and forgetting some blind spot that could lead me into real security issues.
[]s