: sábado, 19 de maio de 2007 12:31
Para: Tomcat Users List; [EMAIL PROTECTED]
Assunto: Re: Prevent unwanted requests
I agree, there's no need to place .java files, the .class files under /WEB-INF/
are sufficient.
Unless you're writing an Applet, which has to exist outside /WEB-INF/ , all
other classes
This is less programmatical than pragmatical but you could try not
putting your .java files on the web server...
:oP
Lucas Galfaso wrote:
I think that a new servlet to filter these files is not the proper
approach, and you should use a filter :)
- LG
On 5/18/07, Milanez, Marcus [EMAIL
I agree, there's no need to place .java files, the .class files under
/WEB-INF/ are sufficient.
Unless you're writing an Applet, which has to exist outside /WEB-INF/
, all other classes are protected from browser/ client access when
they're under /WEB-INF/
-Rashmi
On 5/19/07, Pid [EMAIL
Is it possible to prevent the request os unwatned extensions, like
*.bak, *.java and so on, through web.xml file? My solution was creating
a servlet that gets mapped to this extensions, but I could realize that
it doesn't work along with DWR for example... The problem is that when
I invoke
From: Milanez, Marcus [mailto:[EMAIL PROTECTED]
Subject: Prevent unwanted requests
Is it possible to prevent the request os unwatned extensions, like
*.bak, *.java and so on, through web.xml file?
The real question is: Why do have .java, etc., files in accessible
locations? If you keep
are
pointed out... I just want to be sure that these kind of requests are
rejected.
Thanks!
-Mensagem original-
De: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 18 de maio de 2007 16:59
Para: Tomcat Users List
Assunto: RE: Prevent unwanted requests
From: Milanez
On 5/18/07, Milanez, Marcus [EMAIL PROTECTED] wrote:
In fact I don't have this files in my server. The thing is, whenever I
invke URLs that matches /dwr/anyFile.java, I get a positive DWR answer,
as if I had such files in my server.
What do you mean by positive answer?
I just happened to be
I think that a new servlet to filter these files is not the proper
approach, and you should use a filter :)
- LG
On 5/18/07, Milanez, Marcus [EMAIL PROTECTED] wrote:
Is it possible to prevent the request os unwatned extensions, like
*.bak, *.java and so on, through web.xml file? My solution
I'll second that one.
A basic filter that checks the request for .bak, .java, .whatever is
relatively easy and transparent (you don't have to change even one line
of your existing code). When you find one of those banned extensions,
just return a 403 (forbidden) or 404 (not found) on the
