André Warnier wrote:
...
The point is: allowing users to upload files to the server, and
allowing them to specify a path on the server, is dangerous and
difficult to do right.
Better to use something that is already ready and debugged.
Let me be more explicit, after having just a quick look at your code:
enter path : /etc
enter filename : passwd
or more devious :
enter path : /some/innocent/path
enter filename : ../../../../../etc/passwd
and your server would not last 2 minutes on the Internet.
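
The following Java example is added here and is not from the original message or the code it reviews: it resolves a client-supplied path and filename under a fixed upload root and rejects both inputs shown above. The class name, `resolveUpload` and the temporary directory standing in for the upload root are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class UploadPathCheck {

    // Resolve client-supplied path + filename strictly inside uploadRoot.
    // Assumes uploadRoot exists and holds no attacker-controlled symlinks.
    static Path resolveUpload(Path uploadRoot, String userPath, String userFile)
            throws IOException {
        Path root = uploadRoot.toRealPath();
        Path candidate;
        try {
            // resolve() returns the argument itself when it is absolute ("/etc"),
            // and normalize() collapses "../" segments; neither rejects anything.
            candidate = root.resolve(userPath).resolve(userFile).normalize();
        } catch (InvalidPathException e) {   // e.g. embedded NUL character
            throw new SecurityException("malformed path", e);
        }
        // The containment check does the rejecting. It compares whole name
        // elements, so /srv/uploads-old is not treated as inside /srv/uploads.
        if (!candidate.startsWith(root) || candidate.equals(root)) {
            throw new SecurityException("outside upload root: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads");   // stand-in upload root
        String[][] inputs = {                                // constructed inputs
            {"reports/2024", "summary.txt"},
            {"/etc", "passwd"},
            {"/some/innocent/path", "../../../../../etc/passwd"},
        };
        for (String[] in : inputs) {
            try {
                System.out.println("accept " + resolveUpload(root, in[0], in[1]));
            } catch (SecurityException e) {
                System.out.println("reject " + in[0] + " + " + in[1]);
            }
        }
    }
}
```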