Larry,
Thanks. The restored mod_jk behavior is the same as
Tomcat 3.3.x with DecodeInterceptor ... safe=true/,
the default. Unsafe escapes give 403's. We can
add a similar option to mod_jk to turn off the checking.
Though, I can't image a situation where it would make
sense to accept
-Original Message-
From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 06, 2003 4:51 AM
To: 'Tomcat Developers List'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Larry,
Thanks. The restored
of %2F from also
succeeding.
Cheers,
Larry
-Original Message-
From: Larry Isaacs
Sent: Thursday, February 06, 2003 8:02 AM
To: Tomcat Developers List
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
-Original Message
Larry,
Sorry, Clicked the wrong button. :)
No problem, :), i undertands the concerns, and the change seems a little
daring i know.. anyway, reviewing by peers works, thanks god.. :)
To finish the thought, with the change below, does
http://localhost/test%2F/test.jsp
still go to
, February 05, 2003 4:04 AM
To: 'Tomcat Developers List'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Larry,
Sorry, Clicked the wrong button. :)
No problem, :), i undertands the concerns, and the change
seems a little
daring i
Larry,
I wouldn't see it as a step forward where we increase
the vulnerability of the majority, and the effort needed
to deal with that, in favor of satisfying a small minority
that insist on using inherently unsafe escape sequences.
Maybe this new behavior should be an option like it is
access to these escapes.
Cheers,
Larry
-Original Message-
From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 5:02 PM
To: 'Tomcat Developers List'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Hi Nacho,
My brain is isn't firing on all cylinders at the moment,
but this makes me a little nervous. I think some of the
problems in the past have been where malicious escaping
would prevent request from being forwarded to Tomcat, and
would be served statically.
-Original Message-
to serve it statically?
Larry
-Original Message-
From: Larry Isaacs
Sent: Tuesday, February 04, 2003 8:17 PM
To: Tomcat Developers List
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Hi Nacho,
My brain is isn't firing on all
Mladen, there are 2 ways to configure i_r2.dll, with a properties file
in the same dir where the dll resides, and using the registry, i'm all
to this patch but i like to see it configurable in the p file aswell,
right now this needs to have jk2 inited as is using jk2 own p files
reading methods,
-Original Message-
From: Ignacio J. Ortega [mailto:[EMAIL PROTECTED]]
Sent: 7. srpanj 2002 21:28
To: 'Tomcat Developers List'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Mladen, there are 2 ways to configure i_r2.dll
-Original Message-
From: Mladen Turk [mailto:[EMAIL PROTECTED]]
Sent: 7. srpanj 2002 21:50
To: 'Tomcat Developers List'
Subject: RE: cvs commit:
jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
Mladen, there are 2 ways to configure i_r2.dll, with a
I'm
Added few #ifdefs to make it compile with my version of
MSVC ( probably
an old one ).
It's not a new MSVC version, You need to download the Microsoft Platform
SDK, to get the includes and libs needed to compile an
isapi_redirector2.dll with all the later developments, mainly to be able
On Thu, 23 May 2002, Ignacio J. Ortega wrote:
Added few #ifdefs to make it compile with my version of
MSVC ( probably
an old one ).
It's not a new MSVC version, You need to download the Microsoft Platform
SDK, to get the includes and libs needed to compile an
14 matches
Mail list logo