Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-18 Thread jean-frederic clere
Filip Hanik - Dev Lists wrote: Mladen Turk wrote: Filip Hanik - Dev Lists wrote: Mladen Turk wrote: This simply has to stop. taking trunk away, this turn of events is expected. I wish everyone would have thought of that before we got caught up in the personal, and not what is important,

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-16 Thread Jim Jagielski
On Sep 14, 2007, at 11:08 PM, Bill Barker wrote: Now, I'd prefer that TC is just the Servlet/JSP container that it is meant to be, and not try to add on proprietary features. But that is just me ;). Others too I think. Open Source, esp open source at the ASF, has a long and useful

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-16 Thread Remy Maucherat
Mark Thomas wrote: Remy Maucherat wrote: Tim Funk wrote: 2) If a deploy tool is used which is doing checks - adding an extra check to allow/deny/restrict scope should not be too hard to do. Since users can disable symlink checks in the same class (FileDirContext) - the same exposure could be

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Remy Maucherat
Tim Funk wrote: 2) If a deploy tool is used which is doing checks - adding an extra check to allow/deny/restrict scope should not be too hard to do. Since users can disable symlink checks in the same class (FileDirContext) - the same exposure could be had with a little more effort. I'm not

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Mark Thomas
Remy Maucherat wrote: Tim Funk wrote: 2) If a deploy tool is used which is doing checks - adding an extra check to allow/deny/restrict scope should not be too hard to do. Since users can disable symlink checks in the same class (FileDirContext) - the same exposure could be had with a little

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Tim Funk
Remy Maucherat wrote: I tested with the security manager, and it doesn't behave correctly. If the context.xml inside a webapp is: Context Resources className=org.apache.naming.resources.FileDirContext docBase=c:/foo aliases=/mysecretpath/=c:/ / /Context The docBase hack

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Mladen Turk
Filip Hanik - Dev Lists wrote: Mladen Turk wrote: This simply has to stop. taking trunk away, this turn of events is expected. I wish everyone would have thought of that before we got caught up in the personal, and not what is important, trunk debate. I did, as well others did (I hope)

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Costin Manolache
Well, regarding the veto - it's simple. I second Remy's opinion that the veto is valid and the change is not right at the moment, and I guess that should close this discussion. The discussion about whether to add such a feature or not - I think a simple vote would solve this as well, it's quite

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-15 Thread Filip Hanik - Dev Lists
Mladen Turk wrote: Filip Hanik - Dev Lists wrote: Mladen Turk wrote: This simply has to stop. taking trunk away, this turn of events is expected. I wish everyone would have thought of that before we got caught up in the personal, and not what is important, trunk debate. I did, as well

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Remy Maucherat
Remy Maucherat wrote: It's not a real veto anyway, but no proper review mechanism exists at the moment, and it's hard to integrate feature additions in 6.0.x without prior discussion. I did review the patch: - the syntax seems appropriate - I don't know if it allows redirecting a single fine,

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Tim Funk
The basic concept behind the logic is: - Look for prefix - Replace with new base path The new path replacement is done before the symlink and case check is done so those checks are still preserved. (Just with the new path alias). If there is a security manager in play - it should already be

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Costin Manolache
I'm not sure the security discussion is that simple, this seems quite a dangerous change. Currently the user is restricted to the webapps/ directory ( well, he can add a context with the base in /etc and expose passwd I guess - but hopefully if a deploy tool is used or some automation is done

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Filip Hanik - Dev Lists
Costin Manolache wrote: I'm not sure the security discussion is that simple, this seems quite a dangerous change. Currently the user is restricted to the webapps/ directory ( well, he can add a context with the base in /etc and expose passwd I guess - but hopefully if a deploy tool is used or

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Jim Jagielski
On Sep 14, 2007, at 3:30 PM, Filip Hanik - Dev Lists wrote: Costin Manolache wrote: I'm not sure the security discussion is that simple, this seems quite a dangerous change. Currently the user is restricted to the webapps/ directory ( well, he can add a context with the base in /etc

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Jim Jagielski
On Sep 14, 2007, at 2:49 PM, Costin Manolache wrote: It may also have some implications on other use cases - deployment ( the current pattern is that all files for a webapp are in one place ), replication ( i.e. if someone wants same webapps on a pool of servers ). To me this is an

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Remy Maucherat
Jim Jagielski wrote: On Sep 14, 2007, at 2:49 PM, Costin Manolache wrote: It may also have some implications on other use cases - deployment ( the current pattern is that all files for a webapp are in one place ), replication ( i.e. if someone wants same webapps on a pool of servers ). To

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Filip Hanik - Dev Lists
Remy Maucherat wrote: Jim Jagielski wrote: On Sep 14, 2007, at 2:49 PM, Costin Manolache wrote: It may also have some implications on other use cases - deployment ( the current pattern is that all files for a webapp are in one place ), replication ( i.e. if someone wants same webapps on

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Jim Jagielski
On Sep 14, 2007, at 3:50 PM, Remy Maucherat wrote: Jim Jagielski wrote: On Sep 14, 2007, at 2:49 PM, Costin Manolache wrote: It may also have some implications on other use cases - deployment ( the current pattern is that all files for a webapp are in one place ), replication ( i.e. if

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Remy Maucherat
Filip Hanik - Dev Lists wrote: Remy Maucherat wrote: Yes, this is hard to compare to httpd, as in the case of Tomcat, there is precise specification which defines a portable web application packaging. I see the latest changes have all aimed at breaking portability, and I don't like that at

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Jim Jagielski
On Sep 14, 2007, at 4:27 PM, Remy Maucherat wrote: Filip Hanik - Dev Lists wrote: Writing a portable webapp, is doable, and essentially has nothing to do with the optional feature set in Tomcat. If you want a portable webapp, simply don't use the non portable features in Tomcat. It's

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Filip Hanik - Dev Lists
Remy Maucherat wrote: Filip Hanik - Dev Lists wrote: Remy Maucherat wrote: Yes, this is hard to compare to httpd, as in the case of Tomcat, there is precise specification which defines a portable web application packaging. I see the latest changes have all aimed at breaking portability, and

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Remy Maucherat
Jim Jagielski wrote: Filip agreed that if it went against the specification then the patch had no place being committed. In fact, I think everyone did :) If, however, the specification is moot, then the decision on how much to add in response to user or developer desire is, I think we all

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Remy Maucherat
Filip Hanik - Dev Lists wrote: I totally accept that you dont like the policy, but it doesn't justify vetos. and that has been one of the core of the issues. the one time it would fly for a veto would be when, a) others feel the same, b) no one likes the feature I detailed a number of reason

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Tim Funk
Hopefully I can get all the concerns in one email ... [Pardon me if this is not the most coherent - I been on vacation this week and I was staining and putting sealer or some wood furniture and got too many fumes to the head ... but don't let that reflect badly on the patch ... that was done

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Bill Barker
Remy Maucherat [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Peter Rossbach wrote: Hi, I like this FileDirContext extension. It is a very nice way to include external content without symlinks! I'm not hot about it, and this seems like a a sort of superset of the

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-14 Thread Mladen Turk
Bill Barker wrote: Now, I'd prefer that TC is just the Servlet/JSP container that it is meant to be, and not try to add on proprietary features. But that is just me ;). You are not the only one ;) Seems we have lost the clear vision of the project somewhere in the flame wars. It has

svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread funkman
Author: funkman Date: Thu Sep 13 08:19:59 2007 New Revision: 575332 URL: http://svn.apache.org/viewvc?rev=575332view=rev Log: Allow for Aliases at the resource level. This is to prevent situations of relying on symlinks, or Filters while still make outside directories appear as part of the

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Remy Maucherat
[EMAIL PROTECTED] wrote: Author: funkman Date: Thu Sep 13 08:19:59 2007 New Revision: 575332 URL: http://svn.apache.org/viewvc?rev=575332view=rev Log: Allow for Aliases at the resource level. This is to prevent situations of relying on symlinks, or Filters while still make outside

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Peter Rossbach
Hi, I like this FileDirContext extension. It is a very nice way to include external content without symlinks! Regards Peter Am 13.09.2007 um 17:25 schrieb Remy Maucherat: [EMAIL PROTECTED] wrote: Author: funkman Date: Thu Sep 13 08:19:59 2007 New Revision: 575332 URL:

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Remy Maucherat
Peter Rossbach wrote: Hi, I like this FileDirContext extension. It is a very nice way to include external content without symlinks! I'm not hot about it, and this seems like a a sort of superset of the customizable classloader (which I already didn't like much, if you're following my

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Tim Funk
D'oh. I was tempted to post a patch first and discuss, but since it was only a setZZZ addition and the functionality is exactly the same when the parameter is NOT set - I thought this could go CTR. In light of the recent CTR/RTC discussions - we are still CTR until the vote passes. Likewise

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Filip Hanik - Dev Lists
Remy Maucherat wrote: [EMAIL PROTECTED] wrote: Author: funkman Date: Thu Sep 13 08:19:59 2007 New Revision: 575332 URL: http://svn.apache.org/viewvc?rev=575332view=rev Log: Allow for Aliases at the resource level. This is to prevent situations of relying on symlinks, or Filters while still

Re: svn commit: r575332 - in /tomcat/tc6.0.x/trunk: java/org/apache/naming/resources/FileDirContext.java webapps/docs/changelog.xml

2007-09-13 Thread Remy Maucherat
Tim Funk wrote: D'oh. I was tempted to post a patch first and discuss, but since it was only a setZZZ addition and the functionality is exactly the same when the parameter is NOT set - I thought this could go CTR. In light of the recent CTR/RTC discussions - we are still CTR until the vote