Adding CSP to Struts 1.2.7

 
Greenhorn
Posts: 2
Has anyone added CSP to Struts 1.2.7?

1.2.7 doesn't seem to have the BaseDispatchAction class.  At least not that I can pull up with my IDE.
 
Saloon Keeper
Posts: 6039
If you're working on a web app that still uses Struts 1.x, the first thing you need to do is to upgrade it to the latest Struts 2 version. All versions of Struts 1 have several publicized security holes that have not (and will not) get patched.
 
Bartender
Posts: 9612
I agree with Tim.
That said, I'm not aware of any BaseDispatchAction class in Struts 1.  There is a DispatchAction, which is an abstract class intended to be extended by the developer and used to create a class with several related execute methods (for example, all the CRUD methods for a particular piece of data).
 
william chester
Greenhorn
Posts: 2
Unfortunately I don't have the choice to upgrade at this time.  I guess I should ask: does CSP work in Struts 1.2.7?
 
Joe Ess
Bartender
Posts: 9612
By CSP, do you mean Content Security Policy?  I have used Tomcat's httpHeaderSecurity to add protection against malicious requests.
You should be aware that Struts 1.2.7 has known vulnerabilities to cross-site scripting (among other known attacks) and I don't know that a filter at the server layer would protect against that.
If you are concerned about security (including XSS), the solution is to upgrade Struts or move to another framework.
 