January – 2010

Monthly Archives: January 2010

Adventures in Haskell – Type inference

Posted January 30, 2010 – 11:49 am

I’m learning Haskell, so I thought I’d write about my adventures as I go along. One of the first things I noticed about Haskell (apart from the obvious, such as being functional) is that it is very good about type inference. This means that the vast majority of the time, I don’t need to tell […]

Tagged haskell, type inference, types | Comments (0)

Struts 2 insecure direct object reference – part 2 – ParameterNameAware

Posted January 23, 2010 – 8:39 pm

I discussed security issues in a previous post regarding malicious HTTP request parameters injecting data into a Struts 2 application. Jon pointed out an interface I had forgotten about, ParameterNameAware. How this works is quite simple. Your action class implements ParameterNameAware, and in the acceptableParameterName(String parameterName) method, you return true only if the client is […]

Tagged security, struts, struts2 | Comments (0)

Struts 2 insecure direct object reference

Posted January 4, 2010 – 3:49 pm

There is a type of vulnerability which seems peculiar to Struts 2/WebWork applications and therefore may not be widely known. (It may exist in other frameworks as well, but I haven’t personally used any that have it.) The vulnerability is not part of Struts 2, but it enables it in the same sense that a […]

Tagged security, struts, struts2 | Comments (0)

HttpServletRequest cheat sheet

Posted January 1, 2010 – 2:44 pm

Many HttpServletRequest properties can be confusing, so I decided to create this cheat sheet. (Properties can have similar names, some properties contain delimiters and some don’t, etc.) Let’s say your domain is domain.com, and it points to a router which forwards the request to port 8080 on a server called bob with a local IP […]

Tagged httpservletrequest, java, jee | Comments (0)

Main Menu Home Blog Publications Public Key Tags android backups c++ colorvision complexity dom domain double e-mail encryption equals google graphics haskell html httpservletrequest java jee jython key kubuntu linux mailman meta microsoft moment nasa outlook passwords pattern matching performance pipelines python review samsung scripts security struts struts2 TailPlot type inference types ubuntu w3c xkcd Archives December 2015 June 2015 April 2015 October 2014 June 2014 February 2014 June 2013 March 2013 December 2012 August 2012 July 2012 May 2012 March 2012 January 2012 November 2011 June 2011 April 2011 March 2011 January 2011 November 2010 September 2010 July 2010 June 2010 May 2010 April 2010 March 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 Search RSS Feeds All posts All comments Meta Log in	/ Blog
	Monthly Archives: January 2010 Adventures in Haskell – Type inference Posted January 30, 2010 – 11:49 am I’m learning Haskell, so I thought I’d write about my adventures as I go along. One of the first things I noticed about Haskell (apart from the obvious, such as being functional) is that it is very good about type inference. This means that the vast majority of the time, I don’t need to tell […] Tagged haskell, type inference, types \| Comments (0) Struts 2 insecure direct object reference – part 2 – ParameterNameAware Posted January 23, 2010 – 8:39 pm I discussed security issues in a previous post regarding malicious HTTP request parameters injecting data into a Struts 2 application. Jon pointed out an interface I had forgotten about, ParameterNameAware. How this works is quite simple. Your action class implements ParameterNameAware, and in the acceptableParameterName(String parameterName) method, you return true only if the client is […] Tagged security, struts, struts2 \| Comments (0) Struts 2 insecure direct object reference Posted January 4, 2010 – 3:49 pm There is a type of vulnerability which seems peculiar to Struts 2/WebWork applications and therefore may not be widely known. (It may exist in other frameworks as well, but I haven’t personally used any that have it.) The vulnerability is not part of Struts 2, but it enables it in the same sense that a […] Tagged security, struts, struts2 \| Comments (0) HttpServletRequest cheat sheet Posted January 1, 2010 – 2:44 pm Many HttpServletRequest properties can be confusing, so I decided to create this cheat sheet. (Properties can have similar names, some properties contain delimiters and some don’t, etc.) Let’s say your domain is domain.com, and it points to a router which forwards the request to port 8080 on a server called bob with a local IP […] Tagged httpservletrequest, java, jee \| Comments (0)
	This website contains my own opinions and does not reflect the opinions of anyone else. I do not guarantee that any information on this site is accurate. Use at your own risk. Content is subject to change or removal without notice. All rights reserved. Slippery when wet. May contain peanuts.