awarnier wrote:
>
>
> No. But before you find a "solution" and create a big security issue, I
> suggest that from now on you check this with different browsers, and
> particularly different IE versions.
>
> I think that the "fix" you found is really a kludge, in that it kind of
> works by making some pieces of software believe that this is an
> acceptable file name, while other pieces may see this as a file path.
> But it seems *really* dangerous to me.
>
> As pid indicated, you should fix the problem, not the symptom.
> Or you will end up sorry, I am quite certain.
>
> Fixing the URLs in this case means to replace the %5C's (escaped \) by
> escaped "/" characters, before you send the links to the browser.
>
>
OK, now I understand what you mean by "fixing the URLs". The problem with
this alternative, is that I have no access to the source code (which is
huge, by the way), and I wish to solve this issue through the
configuration-way (because I believe that the problem can be solved that
way) and not the code-way . That is because on tomcat 5 there is no issue
with the filenames, and hence I assumed that this should be the case with
tomcat 6 too.
On the other hand, you are right as far as security is concerned, and I
wouldn't want to impose any security holes by using this "fix". I just
assume that there should be a rational solution to my problem, without
having to touch the sources and/or opening holes in my system.
Thank you for your answer and time.
--
View this message in context:
http://old.nabble.com/tomcat-6.0-404-error-only-on-firefox-due-to-backslashes--tp28844040p28845545.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
