The HDIV project is an Apache-licensed Struts security extension that adds
functionalities to Struts, maintaining the API and Struts
This implies that we can use HDIV in applications developed in Struts
transparent way to the programmer and without adding any complexity to
The security functionalities added to the original Struts version are:
guarantees integrity (no data modification) of all the
generated by the server which should not be modified by the client
hidden fields, combo values, radio buttons, destination pages, etc.).
CONFIDENTIALITY: HDIV guarantees the confidentiality of non-editable
well. Usually much of the data sent to the client contains key information
attackers such as database registry identifiers, column or table names,
directories, etc. All these values are hidden by HDIV to avoid a
of them. For example a link of this type,
is replaced by http://www.host.com?data1=0&data2=1,
of the values representing database identifiers.
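
An illustration of the value-hiding idea described above, added here and not taken from HDIV's code: the server keeps the real values and sends the client only their positions, so a request can carry nothing except an index the server issued. The names `PageState`, `hide` and `restore`, the in-memory list, and the `ACC-…` identifiers are assumptions constructed for this example.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not HDIV source code.
public class IndirectReferenceDemo {

    // Hypothetical server-side state for one rendered page.
    static class PageState {
        // Each entry is {parameter name, real value}; its list position is
        // the only thing the client ever sees.
        private final List<String[]> entries = new ArrayList<>();

        // While rendering: keep the real value, return the index to emit.
        String hide(String param, String realValue) {
            entries.add(new String[] {param, realValue});
            return Integer.toString(entries.size() - 1);
        }

        // On the next request: map the index back, or reject the request.
        String restore(String param, String received) {
            int idx;
            try {
                idx = Integer.parseInt(received);
            } catch (NumberFormatException e) {
                throw new SecurityException("non-index value for " + param);
            }
            if (idx < 0 || idx >= entries.size()
                    || !entries.get(idx)[0].equals(param)) {
                throw new SecurityException("unknown index for " + param);
            }
            return entries.get(idx)[1];
        }
    }

    public static void main(String[] args) {
        PageState state = new PageState();
        // Constructed values standing in for database identifiers.
        String link = "http://www.host.com?data1=" + state.hide("data1", "ACC-1001")
                + "&data2=" + state.hide("data2", "ACC-2002");
        System.out.println("rendered link: " + link);
        System.out.println("data2 restored: " + state.restore("data2", "1"));
        for (String tampered : new String[] {"7", "ACC-9999", "0"}) {
            try {
                state.restore("data2", tampered);
            } catch (SecurityException e) {
                System.out.println("rejected '" + tampered + "': " + e.getMessage());
            }
        }
    }
}
```

The three rejected inputs are an out-of-range index, a raw identifier, and an index that was issued for a different parameter.
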
The new release includes a number of new features centered around cookies
editable data validation:
– Cookie confidentiality and integrity validation.
– Editable data validation (textbox and textarea): HDIV eliminates to a
extent the risk posed by attacks of type Cross-site scripting
SQL Injection using generic validations of the editable data (text and
textarea). The user will have to configure generic validations
in XML format, reducing or eliminating the risk against