[WW-4728] JSONValidationInterceptor change static parameters names - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.10
Component/s: Plugin - JSON
Labels:
None

Description

For security reasons I want to not reveal that we are using struts2 in our site. But the hackers can find it if they see the hidden parameters in the request.

Is it possible to make below parameters configurable ( For example in struts.xml)

public static final String VALIDATE_ONLY_PARAM = "struts.validateOnly";
public static final String VALIDATE_JSON_PARAM = "struts.enableJSONValidation";
public static final String NO_ENCODING_SET_PARAM = "struts.JSONValidation.no.encoding";

Attachments

Activity

People

Assignee:: Lukasz Lenart

Reporter:: Alireza Fattahi

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Dec/16 05:13

Updated:: 13/Feb/17 09:50

Resolved:: 09/Jan/17 10:40