Just be EXTREMELY careful; such servlets/jsps tend to open up security
holes, if not properly coded, which allow users of said servlet/jsp to
get to other files elsewhere on your hard disk (a password file, config
files, etc).

Make sure you limit the scope of what jsp sources can be viewed, and
don't forget about weirdly formed URLs, relative paths
(../../../etc/somefile.txt), etc.

Jeff Tulley  ([EMAIL PROTECTED])
(801)861-5322
Novell, Inc., The Leading Provider of Net Business Solutions
http://www.novell.com

>>> [EMAIL PROTECTED] 8/8/03 12:05:00 PM >>>
Write a servlet/jsp that goes and gets the jsp you want and displays
it to you.

> -----Original Message-----
> From: Eric J. Pinnell [mailto:[EMAIL PROTECTED] 
> Sent: Friday, August 08, 2003 2:02 PM
> To: Tomcat Users List
> Subject: Re: is there a way to download a jsp file from server without executing it?
> 
> 
> Or stealing :)
> 
> -e
> 
> On Fri, 8 Aug 2003, Tim Funk wrote:
> 
> > I hope not, we tend to call that a security flaw.
> >
> > -Tim
> >
> > Prince wrote:
> > > hi
> > >
> > > is there a way to download a .jsp file without executing it? ie i need the
> > > content of jsp file, not the result of that jsp file. same question goes
> > > with .cgi, .asp, .pl etc
> > >
> > > regds
> > > Prince
> > >

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
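
The scoping advice at the top of this thread, as an added example that is not part of the original messages: a path check a source-viewing servlet could call before reading any file. The class name `SourceViewGuard`, the extension allowlist and the sample directory layout are assumptions made for illustration, and the check assumes the container has already URL-decoded the path once.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

public class SourceViewGuard {
    // Assumption: only these extensions may be shown as source.
    private static final List<String> ALLOWED = Arrays.asList(".jsp", ".jspf");
    private final Path base;

    public SourceViewGuard(Path baseDir) throws IOException {
        this.base = baseDir.toRealPath();   // resolve symlinks once, up front
    }

    /** Returns the file to display; throws SecurityException when out of scope. */
    public Path resolve(String requested) throws IOException {
        // Reject NULs, backslashes and leftover percent-escapes (double encoding).
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0
                || requested.contains("\\") || requested.contains("%"))
            throw new SecurityException("malformed path");
        // Strip leading slashes so the request can never be treated as absolute.
        Path candidate = base.resolve(requested.replaceFirst("^/+", "")).normalize();
        if (!candidate.startsWith(base))
            throw new SecurityException("outside base directory");
        Path fileName = candidate.getFileName();
        String name = fileName == null ? "" : fileName.toString().toLowerCase(Locale.ROOT);
        if (ALLOWED.stream().noneMatch(name::endsWith))
            throw new SecurityException("file type not viewable");
        // Re-check after symlink resolution; a link inside base may point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base) || !Files.isRegularFile(real))
            throw new SecurityException("outside base directory");
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/webapp/hello.jsp and <tmp>/secret.txt
        Path tmp = Files.createTempDirectory("srcview");
        Path webapp = Files.createDirectory(tmp.resolve("webapp"));
        Files.write(webapp.resolve("hello.jsp"), "<%= 1 %>".getBytes());
        Files.write(tmp.resolve("secret.txt"), "x".getBytes());
        SourceViewGuard guard = new SourceViewGuard(webapp);
        String[] requests = { "hello.jsp", "/hello.jsp", "../../../etc/somefile.txt",
                "sub/../../secret.txt", "%2e%2e/secret.txt", "hello.jsp/../../secret.txt" };
        for (String r : requests) {
            try {
                System.out.println("ALLOW " + r + " -> " + guard.resolve(r));
            } catch (SecurityException | NoSuchFileException e) {
                System.out.println("DENY  " + r + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first two constructed requests resolve to `hello.jsp`; the relative-path and percent-encoded forms are denied before any file is opened.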
