Re: How to tweak Turbine to prevent security hole in 4.1.12?

Wed, 25 Sep 2002 01:21:37 -0700 

You would not need to uncomment this for Turbine.

Instead use the following fragment in your turbine webapp's web.xml:

<servlet>
  <servlet-name>turbine</servlet-name>
  <servlet-class>org.apache.turbine.Turbine</servlet-class>
  <init-param>
     <param-name>properties</param-name>
     <!-- This is relative to the docBase -->
     <param-value>/WEB-INF/conf/TurbineResources.properties</param-value>
  </init-param>
  <load-on-startup/>
</servlet>

<servlet-mapping>
    <servlet-name>turbine</servlet-name>
    <url-pattern>/myapp/*</url-pattern>
</servlet-mapping>

Then you access you Turbine application as

   http://yourserver/turbinewebapp/myapp/template/index.vm

Correct, the older way would not work anymore, so urls like 
http://yourserver/yourwebapp/servlet/xxxxx don't load the Turbine 
servlet anymore.

Bart

[EMAIL PROTECTED] wrote:
> Hi all,
> 
> I upgraded to Tomcat 4.1.12, and now my app won't load unless I uncomment
> the code in tomcat\conf\web.xml:
> 
>     <servlet-mapping>
>         <servlet-name>invoker</servlet-name>
>         <url-pattern>/servlet/*</url-pattern>
>     </servlet-mapping>
> 
> However, I believe this opens up the security hole.  Any suggestions on what
> I should change my web.xml for my turbine app to look like?
> 
> Eric
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>




*************************************************************************
The information contained in this communication is confidential and is
intended solely for the use of the individual or entity to  whom it is
addressed.You should not copy, disclose or distribute this communication 
without the authority of iBanx bv. iBanx bv is neither liable for 
the proper and complete transmission of the information has been maintained
nor that the communication is free of viruses, interceptions or interference.

If you are not the intended recipient of this communication please return
the communication to the sender and delete and destroy all copies.

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to