Buddy wu wrote:

>2006/3/7, David Kerber <[EMAIL PROTECTED]>:
>  
>
>><Context caseSensitive="false">
>>    
>>
>thanks a lot. it worked.
>and I think someone discussed other problems of this question, maybe
>right. but my goal is only to make tomcat's URL or URI (I don't know
>which is right, or all are right) case-insensitive. I don't care whether the
>case-sensitive feature in jsp or servlet files can work (maybe it MUST be
>case-sensitive, because of the java language, but I don't care about
>these. I just need the URL to be CASE-INSENSITIVE, and it will be ok for me)
>
>  
>
This only applies to resource URLs, not servlet URLs, nor filters,
nor security-constraints.

>and the security problem that someone mentioned, I think it may not be
>so important. If a hacker wants to probe your site, I think he will
>test all possible variants: JSP, Jsp, jSP and others.
>
>  
>
That's not where the security problem lies:
Let's assume your public site is at
http://<yourserver>/<yourwebapp>/index.jsp
If case sensitivity is deactivated and you are using a case sensitive
filesystem (like the microsoft ones), accessing
http://<yourserver>/<yourwebapp>/index.jsP will point to the same filesystem
resource, but with one exception: it will not be handled by the jsp engine
and the requester will simply get the jsp source instead of the generated html
(a jsp source could contain potentially critical information like
database connection information).

More dangerous: suppose your application has an admin interface located at
http://<yourserver>/<yourwebapp>/admin/
with a security-constraint in web.xml mapped to 'admin/*'. Any anonymous
user can point his browser at 'AdMiN/' and will have access to the
admin interface without authentication, bypassing security!

Of course it's not a problem if you don't have jsps, servlets,
or security constraints, that is, if you are serving static content. But
then, why use tomcat?

>but thanks again ,everyone
>  
>
>>Buddy wu wrote:
>>
>>    
>>
>>>2006/3/7, Long <[EMAIL PROTECTED]>:
>>>
>>>
>>>      
>>>
>>>>Buddy wu wrote:
>>>>    I want to know if there is any way to set tomcat NOT CASE SENSITIVE in URL
>>>>    I mean: when I write in the browser 'http://localhost/test.html'
>>>>equals 'http://localhost/TEST.htm'.  Can I do it? or can it be done just in
>>>>WINDOWS but not in Linux/unix?
>>>>
>>>>Right, url is case-insensitive under Windows because the file system
>>>>
>>>>
>>>>        
>>>>
>>>But, the FACT is that under Windows the URL is CASE-SENSITIVE, not
>>>case-insensitive, why?
>>>
>>>I've tried, under Windows, test.html and TEST.html are different in
>>>tomcat server. Is there a parameter to set??
>>>
>>>
>>>
>>>      
>>>
>>>>can't tell a difference between test.html and TEST.html. The difference
>>>>is there under Linux/UNIX.
>>>>
>>>>Long
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>>>
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>
>>>
>>>
>>>
>>>
>>>      
>>>
>>
>>
>>
>>    
>>
>
>
>  
>
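
The two cases described in the reply above (index.jsP and AdMiN/), as an added Python sketch that is not part of the original message or of Tomcat's code: it models simplified case-sensitive url-pattern matching and scans access-log lines for requests that escape a protected pattern only through letter case. The patterns (written with a leading slash), the context path and the log lines are constructed assumptions.

```python
import re

# Patterns as they might appear in web.xml (assumed values for this sketch).
PROTECTED = ["/admin/*", "*.jsp"]

def matches(pattern, path):
    """Simplified case-sensitive url-pattern match (prefix, extension, exact)."""
    if pattern.endswith("/*"):                 # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):               # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern                     # exact mapping

def case_gap(path, patterns=PROTECTED):
    """Patterns the path escapes only because its letter case differs."""
    return [p for p in patterns
            if not matches(p, path) and matches(p.lower(), path.lower())]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def audit(log_lines, context="/yourwebapp"):
    """Return (path, status, escaped_patterns) for each suspicious request."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        uri, status = m.group(1).split("?", 1)[0], int(m.group(2))
        if not uri.lower().startswith(context.lower()):
            continue
        path = uri[len(context):] or "/"       # path inside the webapp
        escaped = case_gap(path)
        if escaped:
            findings.append((path, status, escaped))
    return findings

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2006:10:00:01 +0100] "GET /yourwebapp/index.jsp HTTP/1.1" 200 512',
    '192.0.2.10 - - [07/Mar/2006:10:00:05 +0100] "GET /yourwebapp/index.jsP HTTP/1.1" 200 2048',
    '192.0.2.11 - - [07/Mar/2006:10:01:00 +0100] "GET /yourwebapp/admin/ HTTP/1.1" 401 0',
    '192.0.2.11 - - [07/Mar/2006:10:01:09 +0100] "GET /yourwebapp/AdMiN/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for path, status, escaped in audit(SAMPLE_LOG):
        print(f"{status} {path} escapes {escaped}")
```

A 200 status on a flagged path is the case worth investigating first, since it means the container served the resource without the mapping or constraint applying.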

