cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Per Kreipke" <...@onclave.com>
Subject RE: Download Server - directory access denied
Date Tue, 20 Aug 2002 19:13:10 GMT
> It seems that absolute URLs are not a problem. The following examples
> give
> me an error page:
>
> URI:
>
> <cocoon base URI>/../filename.jpg
> <cocoon base URI>/download/../../filename.jpg
> <cocoon base URI>/images/../../filename.jpg
>
> error page:
>
> HTTP Status 404 - /filename.jpg
>
> ------------------------------------------------------------------------
> --------
>
> type Status report
>
> message /filename.jpg
>
> description The requested resource (/filename.jpg) is not available.
>
>
> ------------------------------------------------------------------------
> --------
>
> Apache Tomcat/4.1.3
>
>
> Working URI:
>
> <cocoon base URI>/download/../filename.jpg

Doesn't that simply mean that /filename.jpg isn't there? What if it was in
your root directory, outside of your webapp's space? Would it return?

What if you try /etc/passwd?

Or on Windows NT/2000, something in /winnt?

Per


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


Mime
View raw message