On Wed, 3 Jul 2002, Bruno Antunes wrote:
> Date: Wed, 03 Jul 2002 18:06:57 +0100
> From: Bruno Antunes <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat User List <[EMAIL PROTECTED]>
> Subject: Security Issue with forward
&
I, have found that Tomcat only checks the if the
request comes from the client.
Let me exemplify:
- I have in the root of a webapp a jsp [lets name it index.jsp] that
forward requests to a protected resource
named protected/myProtectedResource.do [or a servlet, that will forward
requests usi