Cheong Takhoe wrote:
> Hi,
>
> I discovered that Tomcat has a security problem with regards to the way it
> works with the handlers.
>
> if you have a file x.jsp
> when you access it through the web browser, http://<hostname>/x.jsp\
> with the \ there,
>
> it opens up the source code....
> HMMMMMmmmm...
>
> I don't know whether this is similar on a non-NT platform.
> any ideas about this? solutions?
>
Thanks for the bug report. In the future, could you do me two favors?
* Please post Tomcat-related problems to a Tomcat-related mailing list.
That way, they will get attention immediately -- relatively few Tomcat
developers are reading JSP-INTEREST.
* It is critically important to know which version of Tomcat you are talking
about (and also important to know which OS and JDK). For this
particular issue, I was able to reproduce the problem with the 4.0
pre-alpha nightly builds, but could *not* reproduce it with 3.1 or 3.2.
Is that consistent with your experience?
>
> regards,
> Cheong Takhoe
>
Craig McClanahan
====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00): Sun Technical Briefing
Session T06 (24-Oct 14h00-15h00): Migrating Apache JServ
Applications to Tomcat
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
