cocoon-dev mailing list archives

From "Stevenson, Chris (SSABSA)" <>
Subject RE: XSP and file:// <-- Security issues?
Date Mon, 27 Mar 2000 01:36:40 GMT
> I am having trouble getting the XSP logicsheets located with file://
> file://C:/java/jakarta-tomcat/webapps/ROOT/XSL/JavaXML.xsp.xsl
> Unknown host: C:

Forgive me if this is a naive question, but are there any rules 
for which file:/// urls are accessible from within cocoon?

For example: suppose I am an ISP wanting to run Apache and 
make tomcat available for my clients to run their own webapps.

They can drop their apps into a public_webapp directory, and 
tomcat automatically loads them.

I would not want a file:/// URL to be able to serve out my 
passwd file!

I would have thought that a file: URL might more naturally map
onto the webapp/servlet zone than the host file system - and 
say apply a rule that a file: URL cannot reach outside the 

Again, for example: suppose the aforesaid ISP moves the zones 
onto a new machine or into a new directory structure? Where
does the URL point then?

On a related note: in tomcat, if I want to link to a 
stylesheet in the root of my webapp, shouldn't I be able to 
link to /stylesheet.css, rather than having to code 
href='" + req.getContextPath() + "/stylesheet.css'"

At the moment the link to /stylesheet.css will point to the 
server root, not the webapp root. This breaks the idea that 
a webapp is standalone and can be moved to another machine 
or directory and work 'out of the box'.

Almost as important, why do I have to hard link to my 
properties files from WEB-INF/web.xml? Shouldn't I be able 
to put a relative link in such as ./, and have 
it find WEB-INF/


-- Chris Stevenson ----------------------- SSABSA --
Senior Secondary Assessment Board of South Australia
60 Greenhill Road, Wayville SA 5034, Australia
phone: (08) 8372 7515
  fax: (08) 8372 7590
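
Added example, not part of the original message and not Cocoon or Tomcat code: one way to apply the rule the message asks about, mapping a file: URL onto the webapp directory and refusing anything that resolves outside it. The class name, the mapping policy and the sample URLs are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;

public class WebappFileUrlGuard {
    // Maps a file: URL onto webappRoot; throws if it would leave that directory.
    static Path resolve(Path webappRoot, String url) throws IOException {
        Path root = webappRoot.toRealPath();   // canonical root for prefix checks
        URI uri = URI.create(url);
        if (!"file".equalsIgnoreCase(uri.getScheme()) || uri.getPath() == null)
            throw new SecurityException("not a hierarchical file: URL");
        // In file://C:/... the "C:" is parsed as the host part, which is
        // consistent with the quoted "Unknown host: C:" error.
        if (uri.getAuthority() != null)
            throw new SecurityException("host part not allowed: " + uri.getAuthority());
        // getPath() is percent-decoded, so %2e%2e is seen as ".." here.
        String rel = uri.getPath().replaceFirst("^/+", "");
        Path candidate = root.resolve(rel).normalize();
        if (!candidate.startsWith(root))
            throw new SecurityException("path escapes webapp root");
        // Follow symlinks (the file must exist) and re-check the real location.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root))
            throw new SecurityException("symlink escapes webapp root");
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("webapp");
        Files.createDirectories(root.resolve("XSL"));
        Files.createFile(root.resolve("XSL/JavaXML.xsp.xsl"));
        String[] urls = {
            "file:///XSL/JavaXML.xsp.xsl",
            "file:///../../../etc/passwd",
            "file:///XSL/%2e%2e/%2e%2e/etc/passwd",
            "file://C:/java/jakarta-tomcat/webapps/ROOT/XSL/JavaXML.xsp.xsl" };
        for (String u : urls) {
            try {
                System.out.println("ALLOW " + u + " -> " + resolve(root, u));
            } catch (RuntimeException | IOException e) {
                System.out.println("DENY  " + u + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first URL is allowed; because the path is resolved relative to the webapp directory, the result also survives moving the webapp to another machine or directory.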
