RE: Security problems with caseSensitive to false

Mon, 19 Mar 2007 12:06:17 -0800 

Thank Chuck, for your answer,

but in in FAQ Windows http://tomcat.apache.org/faq/windows.html
there is this paragraph

"Can I turn off case sensitivity?"
Yes
with the link "Yes" to "the Resources Component", but i don't know how work with this component ! 

Can you help me in this context?

Again thanks



From: "Caldarale, Charles R" <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
To: "Tomcat Users List" <users@tomcat.apache.org>
Subject: RE: Security problems with caseSensitive to false
Date: Sat, 17 Mar 2007 16:28:05 -0500

> From: Giuseppe Santamaria [mailto:[EMAIL PROTECTED]
> Subject: Security problems with caseSensitive to false
>
> Is there a way to avoid which jsp code to be visible (in the browser)
> through the request "filename.JSP" , in other words calling
> the file jsp with uppercase extension?

You could write a valve or filter that detects the undesired casing and
changes it to the expected lower case.  It would also be possible to use
the eight possible upper/lower case combinations in the servlet mapping
for the JspServlet in conf/web.xml (you should also do the 16 mappings
for *.jspx at the same time).

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



_________________________________________________________________
Ogni ricerca da questo sito, una donazione per i bambini rifugiati http://click4thecause.live.com/Search/Charity/Default.aspx?locale=it-it 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to