RE: security fraud in mod_jk

2002-03-26 Thread Ignacio J. Ortega

> From: Robert Douglass [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 26, 2002 13:12

8<

/*
 * We are now in a security nightmare, it maybe that somebody sent
 * us a uri that looks like /top-secret.jsp. and the web server will
 * fumble and return the jsp content.
 *
 * To solve that we will check for path info following the suffix, we
 * will also check that the end of the uri is not .suffix.
 */
int fraud = check_security_fraud(uw_map, uri, l);
8<

The excerpt above is from the code in mod_jk...

It seems you are trying to include or something, with an absolute path.

Only a wild guess: the code seems to be trying to ensure the user is not
trying to get the code from a JSP by trying some kind of weird URL.

Regards,
Ignacio J. Ortega
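
The check that the quoted comment describes, as an added example that is not mod_jk's own code and not part of the thread. The function name `suffix_fraud`, the `jsp` suffix and the assumption that the query string has already been removed are illustrative; the sample URIs are the two from the log and the comment plus constructed ones.

```c
#include <stdio.h>
#include <string.h>

/*
 * Returns 1 when uri contains ".<suffix>" followed by path info ('/'),
 * or when the uri ends in ".<suffix>." (trailing dot); 0 otherwise.
 * Hypothetical helper: assumes the query string was stripped earlier.
 */
int suffix_fraud(const char *uri, const char *suffix)
{
    size_t slen = strlen(suffix);
    const char *p = uri;

    if (slen == 0)
        return 0;

    while ((p = strchr(p, '.')) != NULL) {
        const char *after;

        p++;                              /* step past the dot */
        if (strncmp(p, suffix, slen) != 0)
            continue;                     /* some other extension */
        after = p + slen;
        if (*after == '/')                /* /Template.jsp/ or /x.jsp/extra */
            return 1;
        if (*after == '.' && after[1] == '\0')  /* /top-secret.jsp. */
            return 1;
    }
    return 0;
}

int main(void)
{
    /* First three come from the page; the last two are constructed. */
    const char *uris[] = {
        "/Template.jsp/",
        "/jakarta-tomcat-3.2.3/webapps/RobertDouglass/Template.jsp/",
        "/top-secret.jsp.",
        "/Template.jsp",
        "/docs/page.jspx/more",
    };
    size_t i;

    for (i = 0; i < sizeof uris / sizeof uris[0]; i++)
        printf("%-60s %s\n", uris[i],
               suffix_fraud(uris[i], "jsp") ? "fraud" : "ok");
    return 0;
}
```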





security fraud in mod_jk

2002-03-26 Thread Robert Douglass

Can anybody tell me what this means? It is from the mod_jk log. "Security
fraud" sounds ominous, and I know very little about security anyway. Thanks,
RD

[jk_uri_worker_map.c (424)]: In jk_uri_worker_map_t::map_uri_to_worker, found a security fraud in [/jakarta-tomcat-3.2.3/webapps/RobertDouglass/Template.jsp/]
[jk_uri_worker_map.c (424)]: In jk_uri_worker_map_t::map_uri_to_worker, found a security fraud in [/Template.jsp/]

