struts-user mailing list archives

Subject Re: Security Vulnerability When Using SessionAware and Best Practice For Mitigating It
Date Mon, 27 Feb 2012 19:18:29 GMT
I appreciate your comments, but what I'd like to determine is what
instructions we should provide in our tutorial on using the SessionAware
interface in order to best mitigate the security vulnerabilities introduced
when using SessionAware, given how the Struts 2 framework works today.

I don't think using only immutable objects in the session reduces the
vulnerability.  String is immutable, but as I understand the security
vulnerability of using SessionAware, a hacker could change the String value
I've stored in the session.

When using SessionAware, what do experienced Struts 2 developers do to reduce
as much as possible the vulnerability identified in my original post?  I'd
like to include these practices in the SessionAware tutorial.

Thank you for the feedback.
