struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emi Lu <em...@encs.concordia.ca>
Subject Re: Java security issue vs. struts?
Date Fri, 18 Jan 2013 17:21:28 GMT
Hello Martin,

I did not find bug report under struts JIRA related to jfreechart.

More details about how I use jfreechart:
(1) jsp <img src=".action">
(2) JAVA Action class, generated jsp
(3) struts.xml specify img size

Hope this info will help others have the same concern :-)

Bon week-end!
Emi


On 01/16/2013 05:39 PM, Martin Gainty wrote:
>
> Hi Chris This issue came up on another apache users list I believe there was open access
issue to Remote Context Object by OGNL
> (but i think Lukasz or Dave addressed the issue)..emi..did you see this in Struts Jira?
Bon chance,
> Martin
> ______________________________________________
> Note de déni et de confidentialitéCe message est confidentiel et peut être privilégié.
Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire
informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement
obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation,
nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>


-------- Original Message --------
Subject: Re: Java security issue vs. struts?
Date: Fri, 18 Jan 2013 12:00:31 -0500
From: Emi Lu <emilu@encs.concordia.ca>
Reply-To: emilu@encs.concordia.ca
To: Christian Grobmeier <grobmeier@gmail.com>
CC: Struts Users Mailing List <user@struts.apache.org>,  Chris Pratt 
<thechrispratt@gmail.com>

>> Thank you Chris. Moreover, if I call jfreechart to generate reports through
>> web applications, it will not be affected, I believe?
>
> As long as you do not use Applets to output JFreechart data you should
> be fine (saying: if you generate images with JFreechart)

(1) My jsp:
   <img src="jfreechart_reportProcessReport.action">

(2) struts.xml

<action name="jfreechart_reportProcessReport"  method="jfreechart_report"
class="ProcessReport">
          <result name="success" type="chart">
             <param name="chart">chart</param>
             <param name="width">1000</param>
             <param name="height">500</param>
          </result>
</action>


(3) My struts java action class (server side):

do:
ChartFactory.createBarChart3D(){... ...}


As a result, due to (1) ~(3) I am safe I believe.

Thanks a lot for all your comments!
Emi



>>>      <mailto:user-unsubscribe@struts.apache.org>
>>>      For additional commands, e-mail: user-help@struts.apache.org
>>>      <mailto:user-help@struts.apache.org>
>>>
>>>
>>
>>
>> --
>> Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
>> emilu@encs.concordia.ca        +1 514 848-2424 x5884
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>   		 	   		
>


-- 
Emi Lu, ENCS, Concordia University, Montreal H3G 1M8
emilu@encs.concordia.ca        +1 514 848-2424 x5884

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message