-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter,
> After poking around a little more, it seems that the call > > > application.getRealPath(request.getServletPath()) > provides the proper local file path for me. Any reason not to use that? You still have to add the request's URI to the end of that. You are basically making the same suggestion that I did. The only reasons I an think of not to do this are involved with security. You'd better make sure that remote users can't construct URLs that can poke around on your disk. My recommendation is that if you already know where the request is going (say, they request /foo/bar/baz.jsp and you are processing /foo/bar/baz.jsp, then just load the resource statically yourself). What you are doing seems most appropriate when, say, using the "path info" of the URL to locate a resource that has been PUT in the past. In this case, I would imagine a mapping layer between the remote user's request and the actual path on the disk (say, /foo/bar/baz maps to /user-files/a/b/c/1234.tiff or something like that). This way, remote users cannot arbitrarily request resources that are on your server. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFTe+X9CaO5/Lv0PARAlZCAKCfwXjkliITKGgMXoF07oEbdHbb2wCePkfc v7llczHqQhCVR/SHuqcEfU8= =XbqF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
