Caldarale, Charles R wrote:
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>>
>> Since the filesystem is case-sensitive, it may well have both
>> "abc.html" and "ABC.HTML" in the sam
Tim Funk wrote:
Its there "for convenience" (and been there "forever") - but it is a
great big security whole if we ignore case (Try asking for
/web-INF/wEb.xml - or even more evil "/web-INF/wEb.xm%6c")
Ok. My point (at the end) was : there does not seem to be a real
"useful use" for /ever/
Its there "for convenience" (and been there "forever") - but it is a
great big security whole if we ignore case (Try asking for
/web-INF/wEb.xml - or even more evil "/web-INF/wEb.xm%6c")
-Tim
André Warnier wrote:
Even that wouldn't work.
Since the filesystem is case-sensitive, it may well h
Caldarale, Charles R wrote:
Presumably the first or last one encountered. ...
Or it could just pick a random file in the directory, whether it matches
something or not. After all, you were saying that this would only
affect lazy clients or bad programmers.
--
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> Since the filesystem is case-sensitive, it may well have both
> "abc.html" and "ABC.HTML" in the same directory. So which one
> would it pick to ke
Caldarale, Charles R wrote:
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat 6.0.18 access files case-insensitive
Now if the attribute is false, does that mean that Tomcat will try all
possible case variations between "abc.html" and "ABC.HTML" before it
Caldarale, Charles R wrote:
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Should the first phrase not read
>> "If the value of this flag is true, all case sensitivity checks will be
>> *enabled*."
>
> Agreed.
Fixed for 4.1.x, 5.5.x, 6.0.x & trunk. Will be in the next releases of each.
All t
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> Now if the attribute is false, does that mean that Tomcat will try all
> possible case variations between "abc.html" and "ABC.HTML" before it
> gi
Caldarale, Charles R wrote:
From: André Warnier [mailto:a...@ice-sa.com]
I also wonder what the purpose of this attribute really is, in fact.
Should this not always be left to "case sensitive = true" ?
Unless you're begging for trouble, or have a really, really sloppy programming
staff.
-
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> So apparently Tomcat does not just use the standard Windows
> file..open function, it runs additional checks.
Tomcat doesn't use Windows anything, it uses the JRE
Markus Schönhaber wrote:
André Warnier:
the filesystem which matters. If the filesystem is case-insensitive, it
doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
No. Try
http://localhost:8080/tomcat.gif
and
http://localhost:8080/tomcaT.gif
with a default Tomcat install.
Sor
Markus Schönhaber:
> André Warnier:
>
>> the filesystem which matters. If the filesystem is case-insensitive, it
>> doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
>
> No. Try
Hm, re-reading the way you asked the question, this should be "Yes, it
does matter" instead of "No"
André Warnier:
> the filesystem which matters. If the filesystem is case-insensitive, it
> doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
No. Try
http://localhost:8080/tomcat.gif
and
http://localhost:8080/tomcaT.gif
with a default Tomcat install.
--
Regards
mks
-
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 6/11/2009 6:32 AM, André Warnier wrote:
It's not a "base feature" of either Java or Tomcat, it's a base feature
of the OS. Windows filesystems are (relatively, see below)
case-insensitive, Unix/Linux are absolu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 6/11/2009 6:32 AM, André Warnier wrote:
> It's not a "base feature" of either Java or Tomcat, it's a base feature
> of the OS. Windows filesystems are (relatively, see below)
> case-insensitive, Unix/Linux are absolutely case-sensitive. Si
See |caseSensitive| here
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
But doing so makes your installation VERY insecure in a windows
environment. (Since ACL's can be bypassed since most ACL rules are case
sensitive)
I performance is of no concern - you could go crazy and forc
Alexander Diedler wrote:
Hello,
We have an Application based on IIS 6.0 and Tomcat 6.0.18. In this
Application will be opened a PDF (href=start.PDF). In this PDF are many
links to other documents, that will be opened in the browser. (KapA.PDF,
KapB.PDF). Now the distributor deliver updatefiles w
17 matches
Mail list logo