On 13/9/02 1:14, "Remy Maucherat" <[EMAIL PROTECTED]> wrote:

>> This bug is kind of annoying when there are lots of pages
>> shared across multiple clients. The common practice we
>> use on Tomcat 4.0.2 is to build symbolic links under each
>> client that point to a centralized place to avoid file
>> copying on deployment.
>> 
>> With the new code in 4.1, the path check below prevents
>> any symlinked pages from being served. I would like to
>> have it removed. However, with these two lines removed,
>> the code essentially reverts to the 4.0.2 version with
>> very minor changes.
> 
> Obviously, those lines are for security reasons.
> 
> -1 for the patch (at best, the check will be made optional).

Hmm... I'm wondering what the problems are if that check is not performed...
I don't see major concerns in allowing symlinked files or directories...

Also, a few lines below, the check should be done for OS/X as well, given that
the file system is case insensitive, and for Unix operating systems if they
mount network shared volumes in case those are case insensitive (SMB with
case insensitive FS on the other side, that kinda stuff)...

    Pier
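
Added example, not part of the original thread and not Tomcat's own code: a sketch of the kind of check under discussion, comparing a resource's canonical path with the requested path so that symlinked and wrong-case names are refused unless an operator opts out. The class name, `resolve`, the `allowLinking` switch and the sample files are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CanonicalPathCheck {

    // Returns the file to serve, or null when the request is refused.
    // 'name' is assumed to be already normalised (no "..") by the caller.
    // 'allowLinking' is a hypothetical switch that makes the check optional.
    static File resolve(File docBase, String name, boolean allowLinking)
            throws IOException {
        File file = new File(docBase, name);
        if (!file.exists() || !file.canRead()) {
            return null;
        }
        if (allowLinking) {
            return file; // operator has accepted symlinked content
        }
        // getCanonicalPath() resolves symbolic links and, on a
        // case-insensitive file system, returns the on-disk spelling.
        // Any difference from the requested path means the name is an
        // alias (symlink or wrong case) rather than the real file.
        String canonical = file.getCanonicalPath();
        String requested = file.toPath().toAbsolutePath().normalize().toString();
        return canonical.equals(requested) ? file : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one shared page, one client docBase.
        // toRealPath() keeps a symlinked temp directory from skewing the check.
        Path shared = Files.createTempDirectory("shared").toRealPath();
        Path client = Files.createTempDirectory("client").toRealPath();
        Files.write(shared.resolve("common.jsp"), "shared".getBytes());
        Files.write(client.resolve("index.jsp"), "client".getBytes());
        Files.createSymbolicLink(client.resolve("linked.jsp"),
                shared.resolve("common.jsp"));

        File base = client.toFile();
        String[] names = {"index.jsp", "linked.jsp", "INDEX.JSP"};
        for (String n : names) {
            for (boolean linking : new boolean[] {false, true}) {
                File f = resolve(base, n, linking);
                System.out.printf("%-11s allowLinking=%-5b -> %s%n",
                        n, linking, f == null ? "refused" : "served");
            }
        }
    }
}
```

In this sketch, switching `allowLinking` on disables the case comparison together with the symlink comparison, so on a case-insensitive file system a differently-cased name is served as well. A deployment that needs symlinks but still wants case enforcement would have to make the two checks separately.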

