Why can't we use RequestParameterRuleFilter in production?
Question
We are running into an interesting situation on a project where we're trying implement multisite functionality.
There is a component called RequestParameterRuleFilter that we are trying to use to override the “siteid” under certain circumstances.
Oracle's ATG documentation says that this component needs to be turned off in production, and we are trying to figure out why. Using this component saves us a lot of time, but we don't want to risk any security holes or performance issues because of it.
Does anyone on here have any experience with this component, or know why we should not use this? Or, are there other alternative components built in to ATG that can be easily leveraged to provide multisite functionality?
Here is the link to the documentation: http://docs.oracle.com/cd/E35318_02/Platform.10-1-1/ATGPlatformProgGuide/html/s0902installedrulefilters01.html
1 answers
solution1
0 2013-02-04 10:00:20
I think site runs on domain name not on some param bases which can be manipulated easily, may be that y atg dosn't recommend this. We are using URLPatternMatchingRuleFilter, that resolve site based on domain name...and it is working fine...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.