Comments on: WebWork 2.2.6 released (Security Fix) http://jaybose.com/archives/webwork-226-released-security-fix/ Yapping about stuff. Fri, 10 Sep 2010 19:30:14 +0000 http://wordpress.org/?v=2.2.2 By: Jay http://jaybose.com/archives/webwork-226-released-security-fix/#comment-3286 Jay Wed, 25 Jul 2007 20:44:18 +0000 http://jaybose.com/archives/webwork-226-released-security-fix/#comment-3286 You might be right. I don't know if it's necessarily the responsibility of the MVC to decide what is safe or unsafe. I guess the same goes for SQL injection: should the MVC parse out safe or unsafe SQL calls in the URL? You might be right.

I don’t know if it’s necessarily the responsibility of the MVC to decide what is safe or unsafe. I guess the same goes for SQL injection: should the MVC parse out safe or unsafe SQL calls in the URL?

]]> By: xrellix http://jaybose.com/archives/webwork-226-released-security-fix/#comment-3284 xrellix Wed, 25 Jul 2007 18:02:31 +0000 http://jaybose.com/archives/webwork-226-released-security-fix/#comment-3284 Evaluating user input as an OGNL expression !!! Craziest thing i ever heard/seen (ok maybe not, just like a mini-mall video ranks about the same). Why is it an XWork problem? Wouldn't it be WW2 that parses the HTML form and requests XWork to evaluate? Evaluating user input as an OGNL expression !!!
Craziest thing i ever heard/seen (ok maybe not, just like a mini-mall video ranks about the same).

Why is it an XWork problem? Wouldn’t it be WW2 that parses the HTML form and requests XWork to evaluate?

]]>