Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4728

JSONValidationInterceptor change static parameters names

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.10
    • Component/s: Plugin - JSON
    • Labels:
      None

      Description

      For security reasons I want to not reveal that we are using struts2 in our site. But the hackers can find it if they see the hidden parameters in the request.

      Is it possible to make below parameters configurable ( For example in struts.xml)

      public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
      public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
      public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";
      

        Attachments

          Activity

            People

            • Assignee:
              lukaszlenart Lukasz Lenart
              Reporter:
              afattahi Alireza Fattahi
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: