geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <...@geronimo.apache.org>
Subject [jira] Updated: (GERONIMO-1489) Minor fixes/updates to jUDDI webapp and Tomcat config
Date Tue, 17 Jan 2006 18:16:42 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1489?page=all ]

Donald Woods updated GERONIMO-1489:
-----------------------------------

    Attachment: Geronimo-1489_part1.patch
                Geronimo-1489_part2.patch
                Geronimo-1489_part3.patch

attached patches based on the items mentioned in each issue part

> Minor fixes/updates to jUDDI webapp and Tomcat config
> -----------------------------------------------------
>
>          Key: GERONIMO-1489
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1489
>      Project: Geronimo
>         Type: Bug
>   Components: sample apps, security
>     Versions: 1.0
>  Environment: AG 1.0 on WinXP w/ Sun JDK 1.4.2_08
>     Reporter: Donald Woods
>     Assignee: Donald Woods
>     Priority: Minor
>      Fix For: 1.0.1, 1.1
>  Attachments: Geronimo-1489_part1.patch, Geronimo-1489_part2.patch, Geronimo-1489_part3.patch
>
> When user accesses the console displayed webapp location of jUDDI at -
>    http://localhost:8080/juddi
> Part 1 - they are presented with a directory listing with happyjuddi.jsp in it instead
of the JSP automatically loading.
> Part 2 - when they click on the JSP, the page loads and shows system properties, which
should not be displayed as any user has access to this JSP and some of the information could
be used to try and hack into the system (like username and OS info)
> Part 3 - the uddi-tomcat configuration creates a uddi-jetty directory in the config store
instead of the expected uddi-tomcat
> 3 separate patches will be attached for the above using the latest 1.0 branch code.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message