https://bz.apache.org/bugzilla/show_bug.cgi?id=57287

--- Comment #10 from Christopher Schultz <ch...@christopherschultz.net> ---
Some comments on this old patch.

1. Protections against accessing WEB-INF are shuffled around a little in a way
which is less efficient than before. [At first glance, I think every WEB-INF and
META-INF directory (or file!) will be removed from the display, which I think
is incorrect behavior. We should only hide {context}/WEB-INF and
{context}/META-INF, not {context}/foo/META-INF. This is not a problem with the
patch; but something that could be improved.]

2. The number of comparator classes can probably be reduced. The complication
of "directories always first" makes this less straightforward than it might
seem. But there is an opportunity for improvement, here.

3. Comparators are completely thread-safe and do not need to be instantiated
for every request.

4. This sorting is not optional (on the part of the server). If the client
requests sorting, sorting will be done. This can be a DoS for a large
directory. Some protection is necessary to prevent using resources that the
administrator does not want to be used.

I'm interested in whether anyone cares whether "alphanumeric" sorting[1] is
important.

[1] http://www.davekoelle.com/alphanum.html
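
The review points above, sketched as an added example that is not part of the comment, the patch, or Tomcat's code: one shared stateless comparator with "directories first" as a leading sort key, hiding only the context-root WEB-INF and META-INF, and an administrator-set cap above which a client's sort request is ignored. The class, record, method and parameter names (`ListingSortSketch`, `Entry`, `render`, `sortLimit`) are hypothetical, the case-insensitive name match is an assumption, and records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

public class ListingSortSketch {
    /** Hypothetical entry of the directory being listed. */
    record Entry(String name, boolean directory) {}

    // Points 2 and 3: a single immutable comparator, safe to share across
    // request threads. The Boolean key sorts false first, so directories
    // (key = !directory = false) precede files, then names are compared.
    static final Comparator<Entry> DIRS_FIRST_BY_NAME =
            Comparator.comparing((Entry e) -> !e.directory())
                    .thenComparing(Entry::name, String.CASE_INSENSITIVE_ORDER);

    // Point 1: hide WEB-INF and META-INF only when listing the context root.
    // Case-insensitive matching is an assumption made for this sketch.
    static boolean hidden(String listedDir, Entry e) {
        return "/".equals(listedDir)
                && (e.name().equalsIgnoreCase("WEB-INF")
                    || e.name().equalsIgnoreCase("META-INF"));
    }

    // Point 4: the server decides whether to sort. A sortLimit of 0 turns
    // sorting off; larger directories keep their unsorted order.
    static List<Entry> render(String listedDir, List<Entry> raw,
                              boolean clientWantsSort, int sortLimit) {
        List<Entry> visible = new ArrayList<>();
        for (Entry e : raw) {
            if (!hidden(listedDir, e)) {
                visible.add(e);
            }
        }
        if (clientWantsSort && visible.size() <= sortLimit) {
            visible.sort(DIRS_FIRST_BY_NAME);
        }
        return visible;
    }

    public static void main(String[] args) {
        // Constructed sample entries, not taken from the bug report.
        List<Entry> raw = List.of(new Entry("readme.txt", false),
                new Entry("WEB-INF", true), new Entry("META-INF", true),
                new Entry("css", true), new Entry("a.html", false));
        System.out.println(render("/", raw, true, 1000));    // root, sorted
        System.out.println(render("/foo", raw, true, 1000)); // nested, nothing hidden
        System.out.println(render("/", raw, true, 2));       // over the cap, unsorted
    }
}
```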
