Per, I actually made sure the file (filename.jpg) was at each location. If it was allowed access, and the file was not there, I would have seen the html page that is generated from part of my pipeline. I've tried requesting the file when it wasn't there, and I was allowed access, and I saw my custom file not found page. So, my next guess would be that is the way Cocoon must be handling security access (just returning the not found page). Thanks again for pointing that out.
Matthew > > It seems that absolute URLs are not a problem. The > following examples > > give me an error page: > > > > URI: > > > > <cocoon base URI>/../filename.jpg > > <cocoon base URI>/download/../../filename.jpg > > <cocoon base URI>/images/../../filename.jpg > > > > error page: > > > > HTTP Status 404 - /filename.jpg > > > > > ---------------------------------------------------------------------- > > -- > > -------- > > > > type Status report > > > > message /filename.jpg > > > > description The requested resource (/filename.jpg) is not available. > > > > > > > ---------------------------------------------------------------------- > > -- > > -------- > > > > Apache Tomcat/4.1.3 > > > > > > Working URI: > > > > <cocoon base URI>/download/../filename.jpg > > Doesn't that simply mean that /filename.jpg isn't there? What > if it was in your root directory, outside of your webapp's > space? Would it return? > > What if you try /etc/passwd? > > Or on Windows NT/2000, something in /winnt? > > Per --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
