geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Hogstrom (JIRA)" <...@geronimo.apache.org>
Subject [jira] Closed: (GERONIMO-1489) Minor fixes/updates to jUDDI webapp and Tomcat config
Date Thu, 02 Feb 2006 06:18:38 GMT
     [ http://issues.apache.org/jira/browse/GERONIMO-1489?page=all ]
     
Matt Hogstrom closed GERONIMO-1489:
-----------------------------------

    Resolution: Fixed

Left the build information intact from patch2.  Other hunks applied.

Patches applied to branches/1.0

Sending        1.0/applications/uddi-server/src/webapp/WEB-INF/web.xml
Sending        1.0/applications/uddi-server/src/webapp/happyjuddi.jsp
Sending        1.0/configs/uddi-tomcat/src/plan/plan.xml
Transmitting file data ...
Committed revision 374278.

trunk

Sending        applications/uddi-server/src/webapp/WEB-INF/web.xml
Sending        applications/uddi-server/src/webapp/happyjuddi.jsp
Sending        configs/uddi-tomcat/src/plan/plan.xml
Transmitting file data ...
Committed revision 374281.

> Minor fixes/updates to jUDDI webapp and Tomcat config
> -----------------------------------------------------
>
>          Key: GERONIMO-1489
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1489
>      Project: Geronimo
>         Type: Bug
>   Components: sample apps, security
>     Versions: 1.0
>  Environment: AG 1.0 on WinXP w/ Sun JDK 1.4.2_08
>     Reporter: Donald Woods
>     Assignee: Donald Woods
>     Priority: Minor
>      Fix For: 1.0.1, 1.1
>  Attachments: Geronimo-1489_part1.patch, Geronimo-1489_part2.patch, Geronimo-1489_part3.patch
>
> When user accesses the console displayed webapp location of jUDDI at -
>    http://localhost:8080/juddi
> Part 1 - they are presented with a directory listing with happyjuddi.jsp in it instead
of the JSP automatically loading.
> Part 2 - when they click on the JSP, the page loads and shows system properties, which
should not be displayed as any user has access to this JSP and some of the information could
be used to try and hack into the system (like username and OS info)
> Part 3 - the uddi-tomcat configuration creates a uddi-jetty directory in the config store
instead of the expected uddi-tomcat
> 3 separate patches will be attached for the above using the latest 1.0 branch code.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message