I don't have any specific objection to allowing what Lev has provided. BIG ALARMING TEXT should be used in the default web.xml files and in the Java file itself. We should also make a clear distinction between a dev-suitable web.xml and a production-ready one.

On Thu, Dec 11, 2008 at 8:27 AM, Lev Epshteyn <[email protected]> wrote:
> Hmmm... That's a good point. How about leaving the pertinent servlet
> declarations commented out in the web.xml files? That ought to mitigate the
> problem, yet make distributing a "dev-only" binary a simple affair...
>
> On Wed, Dec 10, 2008 at 10:29 PM, Nick Lothian <[email protected]> wrote:
>
> > If people leave this in on a production system (which they will do), and
> > deploy behind a reverse proxy then in some circumstances (depending on your
> > servlet engine & config) ALL requests may appear to come from 127.0.0.1.
> > (See, for eg:
> > http://grokbase.com/thread/m/2006/07/17/patch-to-override-request-getremoteaddr-if-behind-a-reverse-proxy/xaqnRqmBVpzX-i2E8I1LGljLwzA#xaqnRqmBVpzX-i2E8I1LGljLwzA
> > )
> >
> > That could be kind of bad (especially since there is no checking of the path
> > for directory traversal etc).
> >
> > Nick
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Thursday, 11 December 2008 9:35 AM
> > To: [email protected]
> > Subject: Adding local file rendering support to Sample Container
> >
> > Reviewers: shindig-dev,
> >
> > Description:
> > This patch enables Shindig's Sample Container to render files local to
> > the developer's machine.
> >
> > This is facilitated by adding a Servlet that serves these files (only to
> > localhost requests).
> >
> > The Sample Container UI has been changed to support this feature
> > (including allowing one to pick a file from the local filesystem via a
> > file input control)
> >
> > Please review this at http://codereview.appspot.com/10269
> >
> > Affected files:
> >
> > java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/localfile/LocalFileServlet.java
> > java/server/src/main/webapp/WEB-INF/web.full.xml
> > java/server/src/main/webapp/WEB-INF/web.gadgets.xml
> > java/server/src/main/webapp/WEB-INF/web.xml
> > javascript/samplecontainer/samplecontainer.html
> > javascript/samplecontainer/samplecontainer.js
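
The two concerns raised in the thread (a loopback `getRemoteAddr()` value behind a reverse proxy, and no directory-traversal check on the path) can be handled as in the following added example, which is not part of the thread and not Shindig's LocalFileServlet code. The class name, method names, the lower-cased header map and the single base directory are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Map;

// Hypothetical helper for illustration; not Shindig's LocalFileServlet.
public class LocalFileGuard {
  // Headers a reverse proxy commonly adds. If one is present, the socket peer
  // is the proxy, so a loopback remote address says nothing about the client.
  private static final String[] PROXY_HEADERS = {"x-forwarded-for", "forwarded", "via"};
  /** headers: request headers keyed by lower-cased name (assumption). */
  static boolean isDirectLoopback(String remoteAddr, Map<String, String> headers) {
    if (remoteAddr == null || remoteAddr.isEmpty()) return false; // getByName(null) is loopback
    for (String h : PROXY_HEADERS) {
      if (headers.containsKey(h)) return false; // fail closed behind a proxy
    }
    try {
      // The container supplies an IP literal, so no DNS lookup happens here.
      return InetAddress.getByName(remoteAddr).isLoopbackAddress();
    } catch (IOException e) {
      return false;
    }
  }

  /** Returns the regular file that 'requested' names under baseDir, or null. */
  static Path resolveInside(Path baseDir, String requested) throws IOException {
    Path base = baseDir.toRealPath();
    Path candidate;
    try {
      candidate = base.resolve(requested).normalize(); // collapses "../" segments
    } catch (InvalidPathException e) {
      return null;
    }
    if (!candidate.startsWith(base) || !Files.isRegularFile(candidate)) return null;
    Path real = candidate.toRealPath(); // follows symlinks that point outside base
    return real.startsWith(base) ? real : null;
  }
  public static void main(String[] args) throws IOException {
    // Constructed sample data: a temp directory stands in for the gadget folder.
    Path base = Files.createTempDirectory("gadgets");
    Files.write(base.resolve("hello.xml"), "<Module/>".getBytes());
    System.out.println(isDirectLoopback("127.0.0.1", Map.of()));
    System.out.println(isDirectLoopback("127.0.0.1", Map.of("x-forwarded-for", "203.0.113.7")));
    System.out.println(resolveInside(base, "hello.xml"));
    System.out.println(resolveInside(base, "../outside.txt"));
  }
}
```

The header check is a heuristic: a proxy that adds none of these headers still makes every request look local, which is why leaving the servlet declaration commented out of a production web.xml, as suggested in the thread, still matters.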

