Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-05 Thread Christopher Schultz
Keith, On 7/4/2009 7:17 PM, Keith67 wrote: I have an application I would like to allow users to upload files through, and then I want to be able to link to them and serve them from the server. If I do this, I run the risk of them uploading

Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-05 Thread Keith67
Chris and Len, Thanks for this. In thinking about this, it may be the easiest thing for me to do to simply block people uploading files that look like .jsp! Initially didn't consider this, as it's a blacklisting approach as opposed to a whitelisting approach, which is not as good really. Made

Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-05 Thread Christopher Schultz
Keith, On 7/5/2009 10:15 AM, Keith67 wrote: In thinking about this, it may be the easiest thing for me to do to simply block people uploading files that look like .jsp! That is definitely a possible strategy, but would that interfere with your

Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-05 Thread David Smith
Christopher Schultz wrote: Keith, On 7/4/2009 7:17 PM, Keith67 wrote: I have an application I would like to allow users to upload files through, and then I want to be able to link to them and serve them from the server. If I do this, I run the risk of them uploading executable content

Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-05 Thread Keith67
Yes, thought had occurred... It wouldn't need to be DefaultServlet even as I can control the URL for which these files would be accessed. It was the thought of cut and pasting all the MIME types to get them to work that was putting me off! Thanks, Keith.

Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-04 Thread Keith67
This might seem like a strange request, but I would like to use Tomcat to only serve static files, from a certain context anyway. I have an application I would like to allow users to upload files through, and then I want to be able to link to them and serve them from the server. If I do this, I

Re: Tomcat for serving only static files - how to prevent the likes of JSP execution

2009-07-04 Thread Len Popp
The default handling of JSP files is set in conf/web.xml: *.jsp and *.jspx are handled by JspServlet. In your special context, you could handle *.jsp and *.jspx files with a servlet that just returns an error. That should do the trick. -- Len 2009/7/4 Keith67 keithmatthewwat...@gmail.com: