Re: cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve RemoteAddrValveForm.java RemoteHostValveForm.java ValveUtil.java

2003-02-12 Thread Amy Roh
 Amy Roh wrote:
  Remy Maucherat wrote:
 
  [EMAIL PROTECTED] wrote:
 
  amyroh  2003/02/10 18:27:15
 
Modified:webapps/admin build.xml
 webapps/admin/WEB-INF/classes/org/apache/webapp/admin
  ApplicationResources_en.properties
  ApplicationResources_es.properties
 
  webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve
  RemoteAddrValveForm.java
  RemoteHostValveForm.java
  ValveUtil.java
Log:
Add validation for RemoteAddrValve and  RemoteHostValve to prevent
installing a filter that prevents the admin's own access.
 
 
 
  I don't understand what this does over the standard remote host/addr
  valves.
  If the maintainer of server.xml wishes to deny access to the admin,
  then he has the right to do so IMO. I don't agree with forcing the
  localhost to have access, essentially. I may have an idea of where
  this new feature is coming from ;-)
 
 
  If the maintainer of server.xml or tomcat wishes to deny access to the
  admin, he can surely do so by editing server.xml and is recommended to
  do so if that's what he desires.  This patch doesn't prevent that
  availability.  This patch only adds validation in admin to prevent the
  admin to crash because if the user, who doesn't have better idea how
  these filters work, just create these filters that deny access to its
  own admin while running admin will cause the whole admin to crash.  Just
  try adding these valves with deny attribute 127.0.0.1, the whole admin
  will crash before this patch.  Again, this is just a validation of
  inputs that will have admin continue to work instead of limiting these
  filters usage.  Also note that you can still create these filters to
  prevent admin access from other ip addresses or host other than admin's
  own ip and host.

 Yes, but IMO, it's the admin's problem. The admin webapp shouldn't
 duplicate the functionality that is present elsewhere. Also, if the
 admin wishes to disable access from localhost (and access from
 elsewhere), then he has the right to do so.

I see your point regarding the admin should let disabling access from
localhost if it's accessing from elsewhere.  How about if I remove checking
for localhost and just keep the checking for admin's own ip and host?


 Sorry, but you can only go so far with the for dummy factor ...

I know.  I know.  ;-)

Amy

 Remy


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]








Re: cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve RemoteAddrValveForm.java RemoteHostValveForm.java ValveUtil.java

2003-02-12 Thread Amy Roh
 Amy Roh wrote:
 Amy Roh wrote:
 Yes, but IMO, it's the admin's problem. The admin webapp shouldn't
 duplicate the functionality that is present elsewhere. Also, if the
 admin wishes to disable access from localhost (and access from
 elsewhere), then he has the right to do so.
 
 
  I see your point regarding the admin should let disabling access from
  localhost if it's accessing from elsewhere.  How about if I remove checking
  for localhost and just keep the checking for admin's own ip and host?

 That's probably acceptable. It's not worth the complexity IMO, but it's
 up to you.

 Ok, go to bed now :) It's way too late for you, so I'm not integrating
 your patches for that tag ;-)

lol. :-D  I don't really care if it's included in *this* tag.  I just wanted
to come to an agreement between usability and dummy patience. ;-)  I must
be in European time zone for today.  bonne nuit.  

Amy

 Remy
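
The check the thread settles on (reject a filter that would block the requester's own address, with no special case for localhost), sketched as an added example. This is not the ValveUtil.java from the commit: the class and method names are hypothetical, java.util.regex with full-string matching stands in for org.apache.regexp.RE, and the returned strings are the message keys from the ApplicationResources diff.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added illustration; hypothetical names, not the project's ValveUtil.
public class SelfLockoutCheck {

    // Split a comma-delimited pattern list and compile each non-empty entry.
    static List<Pattern> compile(String list) {
        List<Pattern> out = new ArrayList<>();
        if (list == null) return out;
        for (String p : list.split(",")) {
            if (!p.trim().isEmpty()) out.add(Pattern.compile(p.trim()));
        }
        return out;
    }

    static boolean matchesAny(List<Pattern> patterns, String value) {
        for (Pattern p : patterns) {
            if (p.matcher(value).matches()) return true;
        }
        return false;
    }

    // Returns a message key from the diff, or null when the filter is acceptable.
    static String validate(String allow, String deny, String requesterIp) {
        List<Pattern> allows, denies;
        try {
            allows = compile(allow);
            denies = compile(deny);
        } catch (PatternSyntaxException e) {
            return "error.syntax";
        }
        if (allows.isEmpty() && denies.isEmpty()) return "error.allow.deny.required";
        // Deny is evaluated first: one matching deny pattern blocks the requester.
        if (matchesAny(denies, requesterIp)) return "error.denyIP";
        // With an allow list present, the requester must match an entry.
        if (!allows.isEmpty() && !matchesAny(allows, requesterIp)) return "error.allowIP";
        return null;
    }

    public static void main(String[] args) {
        String me = "192.0.2.10"; // constructed requester address
        System.out.println(validate(null, "127\\.0\\.0\\.1", me));  // localhost denied, requester unaffected
        System.out.println(validate(null, "192\\.0\\.2\\..*", me)); // deny covers the requester
        System.out.println(validate("10\\..*", null, me));          // allow omits the requester
        System.out.println(validate("192\\.0\\.2\\.10", "(", me));  // malformed deny pattern
    }
}
```

The address passed in has to be the one the server sees for the admin's request; behind a proxy that is the proxy's address, not the administrator's workstation.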






cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve RemoteAddrValveForm.java RemoteHostValveForm.java ValveUtil.java

2003-02-10 Thread amyroh
amyroh  2003/02/10 18:27:15

  Modified:webapps/admin build.xml
   webapps/admin/WEB-INF/classes/org/apache/webapp/admin
ApplicationResources_en.properties
ApplicationResources_es.properties
   webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve
RemoteAddrValveForm.java RemoteHostValveForm.java
ValveUtil.java
  Log:
  Add validation for RemoteAddrValve and  RemoteHostValve to prevent
  installing a filter that prevents the admin's own access.
  
  Revision  Changes    Path
  1.5   +8 -1  jakarta-tomcat-4.0/webapps/admin/build.xml
  
  Index: build.xml
  ===
  RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/admin/build.xml,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- build.xml 16 Aug 2002 22:24:06 -  1.4
  +++ build.xml 11 Feb 2003 02:27:15 -  1.5
  @@ -20,6 +20,7 @@
 path id=admin.classpath
   pathelement location=${commons-modeler.jar}/
   pathelement location=${jmx.jar}/
  +pathelement location=${regexp.jar}/
   pathelement location=${servlet.jar}/
   pathelement location=${struts.jar}/
   pathelement location=${commons-beanutils.jar}/
  @@ -55,6 +56,9 @@
   available property=modeler.present
classname=org.apache.commons.modeler.Registry
classpath=${commons-modeler.jar}/
  +available property=regexp.present
  + classname=org.apache.regexp.RE
  + classpath=${regexp.jar} /
   available property=servlet.present
classname=javax.servlet.Servlet
classpath=${servlet.jar} /
  @@ -69,6 +73,7 @@
   !-- JAR files availability flags --
   available property=jmx.jar.present   file=${jmx.jar} /
   available property=modeler.jar.present file=${commons-modeler.jar} /
  +available property=regexp.jar.present file=${regexp.jar} /
   available property=servlet.jar.present file=${servlet.jar} /
   available property=struts.jar.present  file=${struts.jar} /
   available property=beanutils.jar.present file=${commons-beanutils.jar} /
  @@ -82,6 +87,7 @@
 equals arg1=${struts.present} arg2=true /
 equals arg1=${jmx.present} arg2=true /
 equals arg1=${modeler.present} arg2=true /
  +  equals arg1=${regexp.present} arg2=true /
 available file=${struts.lib}/struts-bean.tld /
 available file=${struts.lib}/struts-html.tld /
 available file=${struts.lib}/struts-logic.tld /
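Review bot: The added "equals arg1=${regexp.present} arg2=true" line makes Jakarta Regexp a hard prerequisite for building the admin webapp, but nothing in this patch defines ${regexp.jar} or documents the new dependency. Please define the property wherever jmx.jar and commons-modeler.jar get their locations and mention it in the build instructions, so builders can see why the prerequisite check now depends on it.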
  @@ -126,11 +132,13 @@
   echo message=jaxp.present=${jaxp.present} /
   echo message=jmx.present=${jmx.present} /
   echo message=modeler.present=${modeler.present} /
  +echo message=regexp.present=${regexp.present} /
   echo message=servlet.present=${servlet.present} /
   
   echo message=--- Required JARs --- /
   echo message=jmx.jar.present=${jmx.jar.present} /
   echo message=modeler.jar.present=${modeler.jar.present} /
  +echo message=regexp.jar.present=${regexp.jar.present} /
   echo message=servlet.jar.present=${servlet.jar.present} /
   echo message=struts.jar.present=${struts.jar.present} /
   echo message=beanutils.jar.present=${beanutils.jar.present} /
  @@ -154,7 +162,6 @@
   copy todir=${webapps.build}/${webapp.name}/WEB-INF 
file=${struts.lib}/struts-html.tld/
   copy todir=${webapps.build}/${webapp.name}/WEB-INF 
file=${struts.lib}/struts-logic.tld/
 /target
  -
   
 !-- === BUILD: Create Directories == --
 target name=build-prepare
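Review bot: Unrelated whitespace change: the blank line removed after "/target" has nothing to do with the valve validation described in the log. Drop it from this commit or move it to a separate cleanup so the build.xml history for this revision stays about the regexp dependency.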
  
  
  
  1.73  +6 -0  
jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources_en.properties
  
  Index: ApplicationResources_en.properties
  ===
  RCS file: 
/home/cvs/jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/ApplicationResources_en.properties,v
  retrieving revision 1.72
  retrieving revision 1.73
  diff -u -r1.72 -r1.73
  --- ApplicationResources_en.properties10 Dec 2002 20:41:47 -  1.72
  +++ ApplicationResources_en.properties11 Feb 2003 02:27:15 -  1.73
  @@ -251,6 +251,12 @@
   valve.denyHosts=Deny these Hosts
   valve.allowIPs=Allow IP addresses
   valve.denyIPs=Deny IP addresses
  +error.allowHost=liAllow is invalid.  Need to include the admin's Hostname./li
  +error.denyHost=liDeny is invalid.  Need to exclude the admin's Hostname./li
  +error.allowIP=liAllow is invalid.  Need to include the admin's IP address./li
  +error.denyIP=liDeny is invalid.  Need to exclude the admin's IP address./li
  +error.allow.deny.required=liAllow or deny is required./li
  +error.syntax=liSyntax error in request filter pattern./li
   error.resource.required=liResource Name is required./li
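Review bot: The four new allow/deny messages (error.allowHost, error.denyHost, error.allowIP, error.denyIP) refer to "the admin's Hostname" and "the admin's IP address" without showing the value being checked, so a user who trips the validation cannot tell which host or address the pattern has to include or exclude. Consider a message parameter, for example "Need to exclude the admin's IP address ({0}).", and carry the same change into ApplicationResources_es.properties, which the log lists as modified.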