If it works that way (and I haven't tried it), then I would say that the caseSensitive="false" flag was not working as I would expect. I would expect that things defined for /MYNAME would work for /myname if caseSensitive was false.

Can anybody tell me definitively how this security risk works?


David Delbecq wrote:

I suspect a call to /something.JSP will not go through the jsp engine.
I can also guess that the security constraints applied on /servlet
will not apply on /SERVLET


David Kerber wrote:

I've seen that notice, but could you explain to me how that works?  I
don't see how this could cause any security issues, except for
slightly reducing the number of attempts you would need in a
brute-force hacking attempt.

Dave


David Delbecq wrote:

Be careful, there are security issues with this (jsp code disclosure!)!!

David Kerber wrote:



<Context caseSensitive="false">


Buddy wu wrote:

2006/3/7, Long <[EMAIL PROTECTED]>:


Buddy wu wrote:
  I want to know if there is any way to set tomcat NOT CASE
SENSITIVE in URL
  I mean: when I write in browser's 'http://localhost/test.html'
equals to 'http://localhost/TEST.htm'.  Can I do it? or just in
WINDOWS can but Linux/unix can't?

Right, url is case-insensitive under Windows because the file system

But, the FACT is that under Windows the URL is CASE-SENSITIVE, not
case-insensitive, why?

I've tried, under Windows, test.html and TEST.html are different in
tomcat server. Is there a parameter to set??



can't tell a difference between test.html and TEST.html. The
difference is there under Linux/UNIX.

Long
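
The two effects guessed at in this thread (a `.JSP` request missing the jsp engine, and a constraint on `/servlet` not covering `/SERVLET`) can be reproduced in a small model. This is an added example, not part of the original thread and not Tomcat code; the file names, the `/admin/` constraint and all function names are constructed, and the model assumes pattern matching stays case-sensitive while resource lookup does not.

```python
# Simplified model (NOT Tomcat code): URL patterns are compared
# case-sensitively, while resource lookup ignores case when checks are off.

PROTECTED_PREFIXES = ["/admin/"]  # constructed security constraint
FILES = {                         # constructed webapp content
    "/admin/report.jsp": "<% secret() %>",
    "/index.jsp": "<% hello() %>",
}


def find_file(path, case_sensitive):
    """Resource lookup: exact match, or case-folded match when checks are off."""
    if path in FILES:
        return path
    if not case_sensitive:
        for name in FILES:
            if name.lower() == path.lower():
                return name
    return None


def handle(path, case_sensitive=True, normalize=False):
    """Return (status, handler) for a request path.

    normalize=True models the mitigation: fold case once, before any
    matching, so constraints, mappings and lookup all see the same string.
    (Lower-casing is valid here only because every constructed name is
    lower-case.)
    """
    if normalize:
        path = path.lower()
    if any(path.startswith(p) for p in PROTECTED_PREFIXES):
        return (403, "denied by security constraint")
    target = find_file(path, case_sensitive)
    if target is None:
        return (404, "not found")
    if path.endswith(".jsp"):  # extension mapping, compared case-sensitively
        return (200, "jsp engine executes " + target)
    return (200, "default servlet returns raw source of " + target)


def mismatches(paths):
    """Audit helper: paths whose outcome changes once case is normalized."""
    return [p for p in paths if handle(p, False) != handle(p, False, True)]
```

With case checks on, the mixed-case requests simply return 404; with them off, `mismatches()` lists the paths where the constraint or the jsp mapping was skipped.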


