java - Does the ModelDriven interface pose a security exploit in Struts2?
Background: I coded my Struts2 ActionSupport class as ModelDriven. It's a Hibernate/Spring web app, using OSIV, with attached entities in the view (JSP).
I received an email today from my architect 'punishing' me for putting an object that had a reference to an attached entity on the Struts2 ValueStack via the ModelDriven<E> interface. Is he correct or what? Obviously, it's a serious thing I'm doing, but I'm not following what he is saying, and I don't feel like taking him up on his offer and visiting him at his desk after this. Oh boy. Time to change careers.
--- architect ---
Billy, as we discussed, you are still making the same mistakes in your code over and over again. This is the fourth time you have made this error, and I'm concerned about the quality of your work. It's one thing to make it once or twice, but after the fourth time, I'm wondering if you are unable to comprehend what I'm saying. The following will spell it out for you. If you don't get it after reading this email, come to my desk and we'll go over it. This has to stop immediately, and I want the code refactored before the end of the day, correcting this mistake. If this code bleeds into production, we'll have a serious security problem on our hands. Also note that I am copying Dave on this so that a proper reprimand can be issued. I am also going to recommend to Dave that you be moved from a Level III to a Level II developer. Read the following and please learn it, and refactor the code as I've indicated.
About binding objects:
When a Struts2 action class is marked with the ModelDriven interface, the model will be bound to the form elements in the HTML page. For example, if an HTML form has a field called username and the action class is defined as:
public class UserAction extends ActionSupport implements ModelDriven<UserModel>
and UserModel is a POJO as follows:
public class UserModel {
    private String username;
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
}
When the form is submitted, as long as the action contains an instance of UserModel, Struts2 will bind the field username to UserModel.username, automagically populating the value.
This simplicity has a high cost from malicious users, however. If an object is declared as ModelDriven, the end user, that is the browsing user, has access to the model's graph via the model's setters. Take this case for example:
public class UserAction extends ActionSupport implements ModelDriven<UserModel>
and...
public class UserModel {
    private String username;
    private UserEntity userEntity;
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
    public UserEntity getUserEntity() { return userEntity; }
}
and...
@Entity
public class UserEntity {
    private String password;
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
}
Assuming the OSIV pattern is being used, and the entity UserEntity is attached.
A crafty user with a bit of foreknowledge or time on his hands may:
/myform?username=billy&userEntity.password=newpassword
Assuming the entity is saved at the end of the session, the above results in changing Billy's password.
The point is, the object graph is available!
When using ModelDriven, and using the alternative is a horrible approach, you must define fine-grained models to be placed on the ValueStack, and then copy from the model to the target object before sending the response and allowing the transaction to commit.
Your architect is right, putting objects with access to sensitive information on the ValueStack poses a potential security risk. A malicious user could indeed reset the password with the above attack.
But:
Since he is the architect, he should have designed ways for proper validation/restriction of input parameters. Using the ParamsInterceptor in Struts2, it's quite easy to allow only specific parameters to be passed to an action. Thus, it's not your work that sucks, it's the system's architecture. Developers should be able to focus on implementing business logic. The infrastructure must be provided by the architect.
Cheers,
w
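The two mitigations discussed above (a fine-grained model on the ValueStack, and restricting which parameters the params interceptor binds) can be combined as in the following added example, which is not code from the question, the email or the answer. It assumes the Struts 2.x package names for ActionSupport, ModelDriven and ParameterNameAware; UserForm, UserService and renameCurrentUser are hypothetical names introduced for illustration.

```java
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.ModelDriven;
import com.opensymphony.xwork2.interceptor.ParameterNameAware;
import java.util.Set;

// Form-only model (hypothetical): it holds no reference to the attached
// entity, so a parameter such as userEntity.password has nothing to bind to.
class UserForm {
    private String username;
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
}

// Hypothetical persistence boundary standing in for the Hibernate/Spring layer.
interface UserService {
    void renameCurrentUser(String newUsername);
}

public class UserAction extends ActionSupport
        implements ModelDriven<UserForm>, ParameterNameAware {

    // Allow-list of request parameter names this action will bind.
    private static final Set<String> ALLOWED = Set.of("username");

    private final UserForm form = new UserForm();
    private UserService userService; // assumed to be injected by Spring

    public void setUserService(UserService userService) { this.userService = userService; }

    @Override
    public UserForm getModel() { return form; }

    // The params interceptor asks this for every incoming parameter name;
    // anything not on the allow-list is dropped before binding.
    @Override
    public boolean acceptableParameterName(String parameterName) {
        return ALLOWED.contains(parameterName);
    }

    @Override
    public String execute() {
        // Copy only the vetted field to the entity, inside the service layer.
        userService.renameCurrentUser(form.getUsername());
        return SUCCESS;
    }
}
```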