FW: Source of JSP returned to user
Thanks to all who responded. I didn't get any of the replies as the whole digest was blocked with the virus infected message but saw them on the archive. As recommended, changing the JDK from 1.4.2 to 1.4.2_02 has resolved this java or as some of you pointed out, windows bug. :) Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com
Source of JSP returned to user
Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com
Re: Source of JSP returned to user
I can't replicate this on my system: jakarta-tomcat-4.1.12-LE-jdk14 java version 1.4.2 kernel-source-2.6.0-test2 So, my sugested workaround would be to install Linux!! Brian Jon O'Sullivan wrote: Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Source of JSP returned to user
Linux is case sensetive for filenames, Windows appearantly still is not. :-) Patrick Ale System administrator Freeler B.V Email: [EMAIL PROTECTED] Tel.: +31 320 267678 Muda o mundo, começe com você mesmo -Oorspronkelijk bericht- Van: Brian Silberbauer [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 28 oktober 2003 13:24 Aan: Tomcat Users List Onderwerp: Re: Source of JSP returned to user I can't replicate this on my system: jakarta-tomcat-4.1.12-LE-jdk14 java version 1.4.2 kernel-source-2.6.0-test2 So, my sugested workaround would be to install Linux!! Brian Jon O'Sullivan wrote: Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon _ ___ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com _ ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Source of JSP returned to user
Since JDK 1.4.2 is being used, try the workaround specified for (you will need to register to see the bug): http://developer.java.sun.com/developer/bugParade/bugs/4895132.html which is: Specify -Dsun.io.useCanonCaches=false to the JVM. Or, try JDK 1.4.1 which doesn't have the cannon cache feature. HTH. Larry P.S. Partial bug description from the bug report above: For an existing file, getCanonicalPath() sometimes can produce a pathname whose case doesn't match that of the existing file's pathname. This doesn't matter in terms of being able to access the file, but it appears that some applications, such as TomCat, depend on getting the correct case. Sometimes the answer for the same input is inconsistent. -Original Message- From: Jon O'Sullivan [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: '[EMAIL PROTECTED]' Subject: Source of JSP returned to user Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon __ __ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com __ __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Source of JSP returned to user
Jon, Mostly the default configuration, but using port 80 rather than 8080. Are you sure you are not running, say, Apache on port 80, and that you have an Alias or DocumentRoot pointing into your webapp's root? I'm guessing that you don't have two HttpConnectors defined in server.xml: one for port 8080 and one for port 80. If so, what is serving port 80 requests? Check the headers coming back. It'll probably tell you what's sending you the page. If so, you'll have to use Apache's configuration to block requests to those resources. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Source of JSP returned to user
Or download JDK 1.4.2_02 (the bug has been fixed in _02) -- Jeanfrancois Larry Isaacs wrote: Since JDK 1.4.2 is being used, try the workaround specified for (you will need to register to see the bug): http://developer.java.sun.com/developer/bugParade/bugs/4895132.html which is: Specify -Dsun.io.useCanonCaches=false to the JVM. Or, try JDK 1.4.1 which doesn't have the cannon cache feature. HTH. Larry P.S. Partial bug description from the bug report above: For an existing file, getCanonicalPath() sometimes can produce a pathname whose case doesn't match that of the existing file's pathname. This doesn't matter in terms of being able to access the file, but it appears that some applications, such as TomCat, depend on getting the correct case. Sometimes the answer for the same input is inconsistent. -Original Message- From: Jon O'Sullivan [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 7:32 AM To: '[EMAIL PROTECTED]' Subject: Source of JSP returned to user Hi, I have accidentally discovered a way that Tomcat can serve the source code of a JSP file. Running Tomcat 4.1.27 standalone, JDK 1.4.2, Win XP Pro. and also Win 2K Server Mostly the default configuration, but using port 80 rather than 8080. pointing my browser to http://localhost/examples/jsp/num/numguess.jsp returns the page as expected for the number guess example but http://localhost/examples/jsp/num/numguess.JSP and other combinations such as http://localhost/examples/jsp/num/numguess.JSp and http://localhost/examples/jsp/num/numguess.Jsp give a file download window for the source of numguess.jsp. Is there a workaround for this? Best Regards Jon __ __ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com __ __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]