Geert Van Damme wrote:
> Hi,
>
> I'm mainly using JServ but now I'm experimenting a bit with tomcat and I
> think I found an important security problem.
>
> If you request a jsp file but use .JSP (uppercase) instead of .jsp it
> doesn't compile the jsp page but just serves you the jsp file with all the
> code in it.
>
> First of all, I think it's important to tell that I'm using NT. I guess
> that's where the problem comes from since NT file system is not case
> sensitive (which I think is a GOOD thing :-). Anyway, I don't know if it's
> only when I use the tomcat http server or anything else. I just discovered
> it. Maybe it's even old news.
> Anyone else seen this?
>
You are right about where the problem is (NT is not case sensitive). You are also
right that it's old news. The important thing is that HTTP URLs are supposed to
be case-sensitive, and the servlet specs follow the same rules. Therefore, ".jsp"
and ".JSP" are different.
>
> Geert Van Damme
>
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
