[jira] Issue Comment Edited: (MRM-789) Archiva may delete you app server installation

Fri, 30 May 2008 03:51:55 -0700 

    [ 
http://jira.codehaus.org/browse/MRM-789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=136792#action_136792
 ] 

oching edited comment on MRM-789 at 5/30/08 5:49 AM:
---------------------------------------------------------------

I'm not sure if this would work, but maybe we could put a check in the webapp 
before saving a repo config--if the location specified is equal to the value of 
'appserver.base' or 'appserver.home', then it shouldn't be allowed? Would this 
address the problem?

      was (Author: oching):
    Hmm.. the value of the location for the repositories configured by default 
in Archiva 1.0.2 is ${appserver.base}/data/repositories/[REPO_ID]. So deleting 
the repo should not delete the app server because of the '/data/repositories/' 
in the path. And in Archiva 1.1-SNAPSHOT (trunk version), the ${appserver.base} 
is already eliminated since we're now using a standalone jetty instead of the 
plexus-runtime.

I'm not sure if this would work, but maybe we could put a check in the webapp 
before saving a repo config--if the location specified is equal to the value of 
'appserver.base', then it shouldn't be allowed? Would this address the problem?
  
> Archiva may delete you app server installation
> ----------------------------------------------
>
>                 Key: MRM-789
>                 URL: http://jira.codehaus.org/browse/MRM-789
>             Project: Archiva
>          Issue Type: Bug
>          Components: repository interface
>    Affects Versions: 1.0.2
>         Environment: linux, jdk 1.6, tomcat 6
>            Reporter: Brill Pappin
>            Assignee: Maria Odea Ching
>            Priority: Critical
>             Fix For: 1.1
>
>
> I installed the WAR version of Archiva into my tomcat instance... no problem 
> so far.
> I then attempted to delete the default "internal" repository. I hit the 
> delete config and contents button.
> At that moment I noticed that the repository directory was the tomcat home 
> directory.
> Archiva managed to completely delete my Tomcat installation.
> To reproduce this, install it as a war, point a repo dir at your app server 
> home, and hit the delete button (make sure you have a backup).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to