Difference between revisions of "Struts"

From OWASP
Jump to: navigation, search
(New page: ==Status== '''Content to be finalised. First draft''' ==Author== Eelco Klaver ==Introduction == ==Architecture== ==Components== ===Action=== ===ActionForm=== ===Validation=== ==Con...)
 
Line 4: Line 4:
 
Eelco Klaver
 
Eelco Klaver
 
==Introduction ==
 
==Introduction ==
 
+
This article describes the web security implications for the Struts MVC framework, how Struts helps in securing your web applications and where special attention is needed. It will not describe the internal details of Struts.
  
 
==Architecture==
 
==Architecture==
Line 11: Line 11:
 
==Components==
 
==Components==
 
===Action===
 
===Action===
 +
* No distinction is made between HTTP GET and POST method. Both methods are mapped to the same Action execute method.
  
 
===ActionForm===
 
===ActionForm===

Revision as of 00:27, 31 May 2007

Contents

Status

Content to be finalised. First draft

Author

Eelco Klaver

Introduction

This article describes the web security implications for the Struts MVC framework, how Struts helps in securing your web applications and where special attention is needed. It will not describe the internal details of Struts.

Architecture

Components

Action

  • No distinction is made between HTTP GET and POST method. Both methods are mapped to the same Action execute method.

ActionForm

Validation

Configuration

Roles