Sorry Hugo, Didn't see this post until just now. I'm glad Adam was able to clarify things a bit and thanks for updating that on the Wiki too.
Warm regards,

Jordan Michaels
Vivio Technologies
http://www.viviotech.net/
Open BlueDragon Steering Committee
Adobe Solution Provider

Hugo Ahlenius wrote:
> Ok, thanks - I see that now. By accessing INDEX.CFM for instance, one gets
> access to the source as a text file...
>
> I'll add a short note about that to the wiki.
>
> /H.
>
> --
> Hugo Ahlenius
> fraxinus (at-sign) oxel.net
> http://www.oxel.net
>
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Adam Haskell
> Sent: Monday, June 01, 2009 20:31
> To: [email protected]
> Subject: Re: tomcat - symlinks on windows
>
> http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
>
> From that page describing allowLinking:
> If the value of this flag is true, symlinks will be allowed inside the web
> application, pointing to resources outside the web application base path. If
> not specified, the default value of the flag is false.
> NOTE: This flag MUST NOT be set to true on the Windows platform (or any
> other OS which does not have a case sensitive filesystem), as it will
> disable case sensitivity checks, allowing JSP source code disclosure, among
> other security problems.
>
> Hope that helps :)
> Adam
>
> On Mon, Jun 1, 2009 at 4:22 AM, Hugo Ahlenius <[email protected]> wrote:
>
> Jordan,
>
> I saw that you, on the wiki, added a warning that one shouldn't allow
> symlinks on Windows hosts, in tomcat - do you have any links for that? I did
> a quick googling, and didn't find anything immediately obvious...
>
> Thanks,
> Hugo
>
> --
> Hugo Ahlenius
> fraxinus (at-sign) oxel.net
> http://www.oxel.net

--~--~---------~--~----~------------~-------~--~----~
Open BlueDragon Public Mailing List
http://groups.google.com/group/openbd?hl=en
official site @ http://www.openbluedragon.org/

!! save a network - trim replies before posting !!
-~----------~----~----~----~------~----~------~--~---
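An added example, not part of the thread and not code from Tomcat or Open BlueDragon: a Python check for the condition the quoted Tomcat note warns about, flagging allowLinking="true" in a context descriptor when the web application directory sits on a case-insensitive filesystem. The function names and the sample <Context> element are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); docBase is a placeholder.
SAMPLE_CONTEXT = '<Context path="/app" docBase="C:/webapps/app" allowLinking="true"/>'


def links_allowed(context_xml):
    """Return the tags of elements that set allowLinking="true".

    Tomcat 5.5 documents the flag on <Context>; every element is scanned so a
    nested or misplaced attribute is reported too. A missing attribute means
    the documented default, false.
    """
    root = ET.fromstring(context_xml)
    return [el.tag for el in root.iter()
            if el.get("allowLinking", "false").strip().lower() == "true"]


def is_case_insensitive(directory):
    """Probe the filesystem holding `directory`: create a lower-case file and
    test whether its upper-case spelling resolves to an existing file."""
    fd, path = tempfile.mkstemp(prefix="casechk_", suffix=".tmp", dir=directory)
    os.close(fd)
    try:
        head, name = os.path.split(path)
        return os.path.exists(os.path.join(head, name.upper()))
    finally:
        os.remove(path)


def audit(context_xml, doc_base, case_insensitive=None):
    """Classify a descriptor; `case_insensitive` can be forced for testing."""
    hits = links_allowed(context_xml)
    if not hits:
        return "ok: allowLinking is off"
    if case_insensitive is None:
        case_insensitive = is_case_insensitive(doc_base)
    where = ", ".join(hits)
    if case_insensitive:
        return "FAIL: allowLinking=true on a case-insensitive filesystem (%s)" % where
    return "warn: allowLinking=true, links may point outside the webapp (%s)" % where


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as doc_base:  # stand-in for the webapp dir
        print(audit(SAMPLE_CONTEXT, doc_base))
```

Run it with the real docBase directory as `doc_base` so the probe tests the filesystem that actually serves the application.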
