Hi
I know which to set tomcat for
the NOT case sensitive, necessity to use the
<Context caseSensitive="false"> of the web application.
but this documentation
(http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
) say
"NOTE: This flag MUST NOT be set to false on the Windows platform (or
any other OS which does not have a case sensitive filesystem), as it
will disable case sensitivity checks, allowing JSP source code
disclosure, among other security problems."
Then there are serious security problems.
Is there a way to avoid which jsp code to be visible (in the browser)
through the request "filename.JSP" , in other words calling the file jsp
with uppercase
extension?
Thanks & Regards,
Giuseppe Santamaria
_________________________________________________________________
Ogni ricerca da questo sito, una donazione per i bambini rifugiati
http://click4thecause.live.com/Search/Charity/Default.aspx?locale=it-it
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
