tomcat-dev mailing list archives

From Hans Bergsten <h...@gefionsoftware.com>
Subject Re: DefaultServlet path checks
Date Fri, 12 Nov 1999 01:20:27 GMT
James Todd wrote:
> 
> i believe the file path comparison stuff you're having problems
> with is a win/jdk1.1.x issue. can you try running on jdk 1.2.x
> to confirm?
> 
> further, there is a sprinkling of util.FilePathPatch() code
> throughout tomcat to take care of this problem on win/jdk1.1.x
> but it is possible that all cases are not covered and further
> this patch actually mucks with a security check in one area.
> 
> i've been grappling with this problem on and off for the last
> 7 months.

James,

did you look at the proposal I sent earlier (the start of this thread)?
I believe that proposal would solve this latest problem as well.
I haven't committed the proposed solution yet for two reasons:
it seems to be a very controversial area so I don't want to modify the
code until the people who have been most involved with the DefaultServlet
give an okay, and it also looks like the merge of the J2EE and main
branch is not completed and I believe there are two versions of the
DefaultServlet being used right now.

Hans
PS. Yes, I know. I should have marked it PATCH to make it more visible.
I'll do that the next time I submit a proposal.
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com
