This would probably be best sent to the users list.

It's all in the way the ISAPI redirector works.
It's a combination of an ISAPI filter - this intercepts requests and
magically redirects the ones that should go to Tomcat to a different URL,
which is the same DLL mounted in a virtual directory as an ISAPI
extension.
The DLL has to be in a virtual directory with execute permissions for this
to work (since that's the way ISAPI extensions work, and there's no other
decent way of getting IIS to serve dynamic content).

You would think there could be security implications of having an ISAPI
extension that allows you to access any URL in Tomcat sitting in a public
virtual directory - if someone crafted a request with the magic headers
used to communicate between the filter and extension they could
potentially access Tomcat - but the ISAPI filter part of the redirector
nukes the magic headers in any incoming request so they'd never get
through to the extension.

Short story: as long as you've got the redirector installed properly (both
the filter and extension parts) you should have no issues.

Oh, and I tend to use the properties file configuration mechanism. It's a
whole lot easier and more portable than mucking with the registry.

cheers
tim

-----Original Message-----
From: Davide Montesin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 28 November 2007 9:12 p.m.
To: dev@tomcat.apache.org
Cc: Davide Montesin
Subject: Tomcat connector for iis 



We have successfully installed the connector between Tomcat and IIS.

In the configuration process there is a step that surprised me.

I should create a virtual directory jakarta that points to a dir with
isapi_redirect.dll. Why? Why could the physical path of the DLL not be in
the registry like workers, etc.?

Remember that this virtual directory is reachable even from outside!?!
Can't this generate some security problems?


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]
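
A simplified model of the filter/extension flow described in the reply above, added here as an illustration; it is not code from the redirector or from either poster. The header names, mount table, sample URLs and function names are hypothetical.

```python
# Model of the two-part ISAPI redirector: the filter scrubs the internal
# headers from every incoming request, sets them itself for Tomcat URLs,
# and rewrites the URL to the extension mounted in the virtual directory.
INTERNAL_HEADERS = {"x-redirector-uri", "x-redirector-worker"}  # hypothetical names
EXTENSION_URI = "/jakarta/isapi_redirect.dll"
MOUNTS = {"/examples/": "worker1"}  # constructed URL prefix -> worker mapping


def isapi_filter(url, headers):
    """Return (url, headers) as the request looks after the filter has run."""
    # Drop any client-supplied copy of the internal headers first.
    clean = {k.lower(): v for k, v in headers.items()
             if k.lower() not in INTERNAL_HEADERS}
    for prefix, worker in MOUNTS.items():
        if url.startswith(prefix):
            clean["x-redirector-uri"] = url
            clean["x-redirector-worker"] = worker
            return EXTENSION_URI, clean
    return url, clean


def isapi_extension(url, headers):
    """Return the (worker, uri) pair the extension would forward, or None."""
    if url != EXTENSION_URI:
        return None
    norm = {k.lower(): v for k, v in headers.items()}
    uri = norm.get("x-redirector-uri")
    worker = norm.get("x-redirector-worker")
    if uri is None or worker is None:
        return None  # no internal headers, nothing to forward
    return worker, uri


def handle(url, headers, filter_installed=True):
    """Run one request through the filter (if installed) and the extension."""
    if filter_installed:
        url, headers = isapi_filter(url, headers)
    return isapi_extension(url, headers)


# Constructed request that supplies its own copy of the internal headers.
FORGED = {"X-Redirector-URI": "/internal/admin", "X-Redirector-Worker": "worker1"}

if __name__ == "__main__":
    print(handle("/examples/index.jsp", {}))                        # mapped URL
    print(handle(EXTENSION_URI, FORGED))                            # filter scrubs it
    print(handle(EXTENSION_URI, FORGED, filter_installed=False))    # extension only
```

The last call models an install with only the extension part in place, which is the case the reply says to avoid.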


