http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13172

Port incorrect in getServerPort and in access log





------- Additional Comments From [EMAIL PROTECTED]  2003-05-30 18:56 -------
It seems that the getServerPort() method returns the port as specified in the 
Host header of the received message, not the port of the connector through 
which the request arrived.

This seems to be a huge security issue. I am currently using a filter in my 
code to verify that a request arrived on a particular port (for security 
reasons) and am actually only verifying that the Host header says it came in on 
the port. It would be trivial for a client to spoof my code if I were to rely 
on the getServerPort() method as implemented.

---------------------------------------------------------------------
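As an added example (not part of the bug comment or of Tomcat's code), a servlet filter that enforces the port restriction the comment describes by checking `getLocalPort()`, which the Servlet API added in version 2.4 and which reports the port of the socket that received the request. The class name, the `requiredPort` init-param and the use of the `javax.servlet` package are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: admits a request only if it arrived on the required connector port. */
public class ConnectorPortFilter implements Filter {
    private int requiredPort;      // read from the assumed init-param "requiredPort"
    private FilterConfig config;

    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        String value = config.getInitParameter("requiredPort");
        try {
            requiredPort = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            // Fail closed: a missing or malformed setting must not disable the check.
            throw new ServletException("requiredPort init-param missing or invalid: " + value, e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        int claimedPort = req.getServerPort(); // may be taken from the client's Host header
        int localPort = req.getLocalPort();    // port of the socket that accepted the connection

        if (localPort != requiredPort) {
            config.getServletContext().log("Rejected request: arrived on port " + localPort
                    + ", Host header claimed " + claimedPort + ", required " + requiredPort);
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (claimedPort != localPort) {
            // Not a rejection reason by itself (proxies, port mapping), but worth recording.
            config.getServletContext().log("Host header port " + claimedPort
                    + " differs from connector port " + localPort);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Behind a reverse proxy or port-mapping load balancer, `getLocalPort()` is the port of the container's own listening socket, so `requiredPort` must name that port rather than the externally published one.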