Page History

Wiki Markup{html}<script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-25371431-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script>{html}

Wiki Markup{rate:title=Rating|theme=dynamic|key=JspParameterObjectMappingPlugin}

Overview

JSP Parameter to Action Object Mapping (Security) Plugin INLINE

Excerptdoes this great thing

...

Many applications expose their internal object references to users. Attackers use parameter tampering to change references and violate the intended but unenforced access control policy. Frequently, these references point to file systems and databases, but any exposed application construct could be vulnerable.

...

Instructions how to use your plugin.

Example

...

You could also include screenshots by attaching the images to this page

...

• XML File format given below Code Block *DTD format* code
• <?xml version="1.0" encoding="UTF-8"?> <\!DOCTYPE mapping \[ <\!ELEMENT mapping (requestParameter)> <\!ELEMENT requestParameter (objectMapping)> <\!ELEMENT objectMapping (property)> <\!ELEMENT property (#PCDATA)> \]> code
• *XML Format* code
• <?xml version="1.0" encoding="UTF-8"?> <mapping> <requestParameter name="userName"> <objectMapping> <property>user.userName</property> </objectMapping> </requestParameter> <requestParameter name="password"> <objectMapping> <property>user.password</property> </objectMapping> </requestParameter> </mapping>

• Extends package with name "jsp-parameter-object-mapping"

...