Adding CSP to Struts 1.2.7

 
Greenhorn
Has anyone added CSP to Struts 1.2.7?

1.2.7 doesn't seem to have the BaseDispatchAction class.  At least not that I can pull up with my IDE.
 
Saloon Keeper
If you're working on a web app that still uses Struts 1.x, the first thing you need to do is to upgrade it to the latest Struts 2 version. All versions of Struts 1 have several publicized security holes that have not, and will not, get patched.
 
Bartender
I agree with Tim.
That said, I'm not aware of any BaseDispatchAction class in Struts 1.  There is a DispatchAction, which is an abstract class intended to be extended by the developer and used to create a class with several related execute methods (For example, all the CRUD methods for a particular piece of data).
 
william chester
Greenhorn
Unfortunately I don't have the choice to upgrade at this time.  I guess I should ask: does CSP work in Struts 1.2.7?
 
Joe Ess
Bartender
By CSP, do you mean Content Security Policy?  I have used Tomcat's httpHeaderSecurity to add protection against malicious requests.  
You should be aware that Struts 1.2.7 has known vulnerabilities to cross-site scripting (among other known attacks) and I don't know that a filter at the server layer would protect against that.
If you are concerned about security (including XSS), the solution is to upgrade Struts or move to another framework.
 
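An added example, not code from any poster in this thread: a Content-Security-Policy header is an HTTP response header, so on a Struts 1.x application it can be set by a plain servlet filter in front of the ActionServlet and the JSPs, without touching any Struts class. The class name `CspHeaderFilter`, the init-param names `policy` and `reportOnly`, and the sample policy are assumptions made for this sketch; it sets the header only and does not change Struts itself.

```java
// Added example. Class name and init-param names are hypothetical.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/*
 * web.xml sketch (map to /* so both *.do requests and directly served JSPs are covered):
 *   <filter>
 *     <filter-name>cspHeader</filter-name>
 *     <filter-class>CspHeaderFilter</filter-class>
 *     <init-param><param-name>policy</param-name>
 *       <param-value>default-src 'self'; object-src 'none'; base-uri 'self'</param-value></init-param>
 *     <init-param><param-name>reportOnly</param-name><param-value>true</param-value></init-param>
 *   </filter>
 *   <filter-mapping><filter-name>cspHeader</filter-name><url-pattern>/*</url-pattern></filter-mapping>
 */
public class CspHeaderFilter implements Filter {
    private String headerName;
    private String policy;

    public void init(FilterConfig cfg) throws ServletException {
        policy = cfg.getInitParameter("policy");
        // Fail at deploy time rather than silently serving pages with no policy.
        if (policy == null || policy.trim().length() == 0) {
            throw new ServletException("CspHeaderFilter: init-param 'policy' is required");
        }
        // A header value must stay on one line; reject CR/LF in the configured policy.
        if (policy.indexOf('\r') >= 0 || policy.indexOf('\n') >= 0) {
            throw new ServletException("CspHeaderFilter: 'policy' must not contain line breaks");
        }
        // Report-only mode lets the browser report violations without blocking,
        // useful while finding inline scripts in legacy JSPs.
        boolean reportOnly = "true".equalsIgnoreCase(cfg.getInitParameter("reportOnly"));
        headerName = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Set the header before the chain runs: once the action or JSP has
        // committed the response, headers can no longer be added.
        if (res instanceof HttpServletResponse) {
            ((HttpServletResponse) res).setHeader(headerName, policy);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

The filter uses only `javax.servlet` interfaces and avoids annotations and generics so it compiles against the older servlet API versions a Struts 1.2.7 application is likely to run on.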