Patch for security problem

2002-07-27 Thread John Holman
Bug 11210 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11210) is a security problem which could have serious effects for people using JNDIRealm with the Netscape/iPlanet JNDI LDAP provider (com.netscape.jndi.ldap.LdapContextFactory). The default provider

Tomcat 4.0 Security problem

2002-07-05 Thread Artur Jonak
Hi, I've got the following error when I try to create LoginContext in my servlet. What should I do?
java.lang.SecurityException: Sealing violation loading javax.naming.Context : Package javax.naming is sealed.
at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassL

[4.0] [Security] Security problem when using the SecurityManager with a request dispatcher

2002-02-27 Thread Remy Maucherat
Hi, A security problem affecting Tomcat 4.0.2 (and all versions of 4.x) has been reported, which allows getting a request dispatcher to a URL outside of the context root. This is not a security problem when NOT using a security manager, since it is always possible to use direct filesystem

Re: [PATCH] Potential security problem with '?' in jsp file name TC3.3B1

2001-08-22 Thread Bill Barker
I've confirmed that this also happens with TC3.3B1 stand-alone:
$ telnet localhost 8080
GET /%3f%41%3d%42.jsp HTTP/1.0
- Original Message -
From: "William Barker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 15, 2001 2:48 PM
Subject:

[PATCH] Potential security problem with '?' in jsp file name TC3.3B1

2001-08-15 Thread William Barker
Using:
Apache 1.3.17
TC3.3 B1
Ajp13
Java 1.3.1
making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a request for the file "/?A=B.jsp". JspInterceptor then happily creates a page containing the contents of the ROOT directory. The attached patch forbids such silliness. JspI

Security problem

2001-01-19 Thread Andrea Barbieri
Hi to all, I have found some problems in configuring security on a site (Sparc Solaris 5.7) with Tomcat 3.2 (in virtual host). Everything goes OK, but when I tried to configure Basic Realm on a particular Servlet class or sub dir of WEB-INF I didn't find any solution. Is it possible to keep in sec

Re: Web application security problem on windows

2000-12-01 Thread Craig R. McClanahan
Petr Jiricka wrote:
> Does not the following address this issue for Tomcat 3.2 ? (from
> $TOMCAT_HOME/doc/readme)
>
> 6.7 URL's are now case sensitive on all operating systems
>
> As of Tomcat 3.2, URL's are case sensitive for all operating systems,
> including operating systems which have case i

Re: [jetty-discuss] RE: Web application security problem on windows

2000-12-01 Thread Greg Wilkins
; security and portability among them. > > Petr > > > -Original Message- > > From: Greg Wilkins [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, November 30, 2000 11:21 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > > [EMAIL PROTECTED]; [EMAIL PRO

RE: Web application security problem on windows

2000-12-01 Thread Petr Jiricka
OTECTED]] > Sent: Thursday, November 30, 2000 11:21 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Web application security problem on windows > > > > Web applications running on Windows (or other systems with non case > sensit

Re: Web application security problem on windows

2000-11-30 Thread servletAPI-feedback
Thank you for your feedback on the Servlet API. Your feedback will be read by an engineer on the Java Servlet API Team and given serious consideration. We will contact you directly if we have further questions about your feedback. --

Web application security problem on windows

2000-11-30 Thread Greg Wilkins
Web applications running on Windows (or other systems with non case sensitive file systems) can have secure content accessed by using different case. The problem is a design problem for security-constraints and an implementation problem for WEB-INF. For example I have been able to access /WeB-iN