> From: Giuseppe Santamaria [mailto:[EMAIL PROTECTED] > Subject: Security problems with caseSensitive to false > > Is there a way to avoid which jsp code to be visible (in the browser) > through the request "filename.JSP" , in other words calling > the file jsp with uppercase extension?
You could write a valve or filter that detects the undesired casing and changes it to the expected lower case. It would also be possible to use the eight possible upper/lower case combinations in the servlet mapping for the JspServlet in conf/web.xml (you should also do the 16 mappings for *.jspx at the same time). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]