Caldarale, Charles R wrote:
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>>
>> Since the filesystem is case-sensitive, it may well have both
>> "abc.html" and "ABC.HTML" in the sam
Tim Funk wrote:
Its there "for convenience" (and been there "forever") - but it is a
great big security whole if we ignore case (Try asking for
/web-INF/wEb.xml - or even more evil "/web-INF/wEb.xm%6c")
Ok. My point (at the end) was : there does not seem to be a real
"useful use" for /ever/
Its there "for convenience" (and been there "forever") - but it is a
great big security whole if we ignore case (Try asking for
/web-INF/wEb.xml - or even more evil "/web-INF/wEb.xm%6c")
-Tim
André Warnier wrote:
Even that wouldn't work.
Since the filesystem is case-sensitive, it may well h
Caldarale, Charles R wrote:
Presumably the first or last one encountered. ...
Or it could just pick a random file in the directory, whether it matches
something or not. After all, you were saying that this would only
affect lazy clients or bad programmers.
--
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> Since the filesystem is case-sensitive, it may well have both
> "abc.html" and "ABC.HTML" in the same directory. So which one
> would it pick to ke
Caldarale, Charles R wrote:
From: André Warnier [mailto:a...@ice-sa.com]
Subject: Re: Tomcat 6.0.18 access files case-insensitive
Now if the attribute is false, does that mean that Tomcat will try all
possible case variations between "abc.html" and "ABC.HTML" before it
Caldarale, Charles R wrote:
>> From: André Warnier [mailto:a...@ice-sa.com]
>> Should the first phrase not read
>> "If the value of this flag is true, all case sensitivity checks will be
>> *enabled*."
>
> Agreed.
Fixed for 4.1.x, 5.5.x, 6.0.x & trunk. Will be in the next releases of each.
All t
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> Now if the attribute is false, does that mean that Tomcat will try all
> possible case variations between "abc.html" and "ABC.HTML" before it
> gi
Caldarale, Charles R wrote:
From: André Warnier [mailto:a...@ice-sa.com]
I also wonder what the purpose of this attribute really is, in fact.
Should this not always be left to "case sensitive = true" ?
Unless you're begging for trouble, or have a really, really sloppy programming
staff.
-
> From: André Warnier [mailto:a...@ice-sa.com]
> Subject: Re: Tomcat 6.0.18 access files case-insensitive
>
> So apparently Tomcat does not just use the standard Windows
> file..open function, it runs additional checks.
Tomcat doesn't use Windows anything, it uses the JRE
Markus Schönhaber wrote:
André Warnier:
the filesystem which matters. If the filesystem is case-insensitive, it
doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
No. Try
http://localhost:8080/tomcat.gif
and
http://localhost:8080/tomcaT.gif
with a default Tomcat install.
Sor
Markus Schönhaber:
> André Warnier:
>
>> the filesystem which matters. If the filesystem is case-insensitive, it
>> doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
>
> No. Try
Hm, re-reading the way you asked the question, this should be "Yes, it
does matter" instead of "No"
André Warnier:
> the filesystem which matters. If the filesystem is case-insensitive, it
> doesn't matter whether the URL is /ABC.PDF or /abc.pdf, does it ?
No. Try
http://localhost:8080/tomcat.gif
and
http://localhost:8080/tomcaT.gif
with a default Tomcat install.
--
Regards
mks
-
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 6/11/2009 6:32 AM, André Warnier wrote:
It's not a "base feature" of either Java or Tomcat, it's a base feature
of the OS. Windows filesystems are (relatively, see below)
case-insensitive, Unix/Linux are absolu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 6/11/2009 6:32 AM, André Warnier wrote:
> It's not a "base feature" of either Java or Tomcat, it's a base feature
> of the OS. Windows filesystems are (relatively, see below)
> case-insensitive, Unix/Linux are absolutely case-sensitive. Si
See |caseSensitive| here
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
But doing so makes your installation VERY insecure in a windows
environment. (Since ACL's can be bypassed since most ACL rules are case
sensitive)
I performance is of no concern - you could go crazy and forc
Alexander Diedler wrote:
Hello,
We have an Application based on IIS 6.0 and Tomcat 6.0.18. In this
Application will be opened a PDF (href=start.PDF). In this PDF are many
links to other documents, that will be opened in the browser. (KapA.PDF,
KapB.PDF). Now the distributor deliver updatefiles w
Hello,
We have an Application based on IIS 6.0 and Tomcat 6.0.18. In this
Application will be opened a PDF (href=start.PDF). In this PDF are many
links to other documents, that will be opened in the browser. (KapA.PDF,
KapB.PDF). Now the distributor deliver updatefiles with changing extensions
or
18 matches
Mail list logo
