markt 2005/05/11 14:39:41

Modified: catalina/src/share/org/apache/catalina/authenticator FormAuthenticator.java SavedRequest.java
          webapps/docs changelog.xml

Log:
Include request body in saved request when using FORM authentication.
- Fixes problem with saved request assuming platform default encoding for POSTed parameters.
- Improves restoration of request by using CoyoteRequest
This is way too risky to do it for any POST (which could be a file upload), and I think it could lead to easy DoSes, so I share Bill's concerns.
Saving parameters in general is risky as well, obviously ...
IMO, webapps need to be better designed, and auth should happen before sending forms.
Rémy
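The concern raised in the reply above (unbounded POST bodies, including file uploads, being held in the session until login completes) can be illustrated with a size-capped saver. This is an added example, not code from the commit or from Tomcat; the class name `BoundedBodySaver`, its method and the 4096-byte cap are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Optional;

/** Hypothetical helper (not Tomcat code): decides whether a POST body may be kept for replay after login. */
public class BoundedBodySaver {
    private final int maxSaveBytes; // assumed per-request cap, sized for ordinary form posts

    public BoundedBodySaver(int maxSaveBytes) { this.maxSaveBytes = maxSaveBytes; }

    /** Returns the raw body if it is small enough to hold in the session, or empty if it must not be saved. */
    public Optional<byte[]> save(String contentType, long declaredLength, InputStream body) throws IOException {
        // File uploads are never buffered into the session.
        if (contentType != null && contentType.toLowerCase(Locale.ROOT).startsWith("multipart/")) {
            return Optional.empty();
        }
        // Reject early when the declared Content-Length already exceeds the cap.
        if (declaredLength > maxSaveBytes) {
            return Optional.empty();
        }
        // Content-Length may be absent (-1, chunked) or wrong, so enforce the cap while reading.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int n;
        while ((n = body.read(chunk)) != -1) {
            if (out.size() + n > maxSaveBytes) {
                return Optional.empty(); // over the cap: discard what was read so far
            }
            out.write(chunk, 0, n);
        }
        // Bytes are kept as received, so no platform default encoding is applied to the parameters.
        return Optional.of(out.toByteArray());
    }

    public static void main(String[] args) throws IOException {
        BoundedBodySaver saver = new BoundedBodySaver(4096);
        // Constructed sample inputs.
        byte[] form = "name=R%C3%A9my&action=save".getBytes(StandardCharsets.US_ASCII);
        byte[] large = new byte[100_000];
        String urlenc = "application/x-www-form-urlencoded";
        System.out.println(saver.save(urlenc, form.length, new ByteArrayInputStream(form)).isPresent()); // small form
        System.out.println(saver.save(urlenc, -1, new ByteArrayInputStream(large)).isPresent()); // no length, oversized
        System.out.println(saver.save("multipart/form-data; boundary=x", 10, new ByteArrayInputStream(form)).isPresent()); // upload
    }
}
```

When `save` returns empty, the authenticator would proceed without a replayable body rather than failing the login.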