Developers List [EMAIL PROTECTED]
Sent: Thursday, November 07, 2002 11:41 PM
Subject: Re: auth bug fix for 4.0.6
Bill Barker wrote:
As a non-4.x expert, your patch looks ok. I would guess that it would
still
have problems with a request to /foo/protected where the
security-constraint
is only
Bill Barker wrote:
Replying to an older version of the thread, since I share messages the
other
way around.
Personally, I think that Remy needs to work on his people skills.
Keith has
been a very valuable committer on the 3.3 branch. Rather than
shooting him
down, you could have given him
]
| Sent: Friday, November 08, 2002 2:42 AM
| To: Tomcat Developers List
| Subject: Re: auth bug fix for 4.0.6
|
|
| Bill Barker wrote:
|
| As a non-4.x expert, your patch looks ok. I would guess that it would
| still
| have problems with a request to /foo/protected where the
| security
bug fix for 4.0.6
|
|
| I would guess that it would still
| have problems with a request to /foo/protected where the security-constraint
| is only for /foo/protected/*.
|
|
--
To unsubscribe, e-mail: mailto:tomcat-dev-unsubscribe;jakarta.apache.org
For additional commands, e-mail
Keith Wannamaker wrote:
Remy, I don't even know if 4.1.x and 5.0 share the bug or not;
I haven't tested it, though I suspect they do. I do know 4.0.6
has the bug.
I'm not sure what interpretation you are questioning -- if it
is the placement or nature of the fix, sure, I said someone may
want
As a non-4.x expert, your patch looks ok. I would guess that it would still
have problems with a request to /foo/protected where the security-constraint
is only for /foo/protected/*.
- Original Message -
From: Keith Wannamaker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
Bill Barker wrote:
As a non-4.x expert, your patch looks ok. I would guess that it would
still
have problems with a request to /foo/protected where the
security-constraint
is only for /foo/protected/*.
I don't agree, the patch is bad for 4.1.x and 5.0 (at least, you must
use the decoded URI
