tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject cvs commit: jakarta-tomcat-catalina/webapps/docs/config context.xml defaultcontext.xml resources.xml
Date Sun, 30 Nov 2003 14:35:45 GMT
remm        2003/11/30 06:35:45

  Modified:    webapps/docs/config context.xml defaultcontext.xml
                        resources.xml
  Log:
  - Documentation on the various flags which were added.
  - Add big warnings about the flags which are dangerous in Windows.
  
  Revision  Changes    Path
  1.6       +47 -0     jakarta-tomcat-catalina/webapps/docs/config/context.xml
  
  Index: context.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/context.xml,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- context.xml	30 Jul 2003 18:37:51 -0000	1.5
  +++ context.xml	30 Nov 2003 14:35:45 -0000	1.6
  @@ -188,11 +188,58 @@
   
       <attributes>
   
  +      <attribute name="allowLinking" required="false">
  +        <p>If the value of this flag is <code>true</code>, symlinks will
be
  +        allowed inside the web application, pointing to resources outside the
  +        web application base path. If not specified, the default value
  +        of the flag is <code>false</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to true on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
  +      </attribute>
  +
  +      <attribute name="cacheMaxSize" required="false">
  +        <p>Maximum size of the static resource cache in kilobytes. 
  +        If not specified, the default value is <code>10240</code>
  +        (10 megabytes).</p>
  +      </attribute>
  +
  +      <attribute name="cacheTTL" required="false">
  +        <p>Amount of time in milliseconds between cache entries revalidation.
  +        If not specified, the default value is <code>5000</code> 
  +        (5 seconds).</p>
  +      </attribute>
  +
  +      <attribute name="cachingAllowed" required="false">
  +        <p>If the value of this flag is <code>true</code>, the cache
for static
  +        resources will be used. If not specified, the default value
  +        of the flag is <code>true</code>.</p>
  +      </attribute>
  +
  +      <attribute name="caseSensitive" required="false">
  +        <p>If the value of this flag is <code>true</code>, all case sensitivity
  +        checks will be disabled. If not 
  +        specified, the default value of the flag is <code>true</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to false on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
  +      </attribute>
  +
         <attribute name="debug" required="false">
           <p>The level of debugging detail logged by this <strong>Engine</strong>
           to the associated <a href="logger.html">Logger</a>.  Higher numbers
           generate more detailed output.  If not specified, the default
           debugging detail level is zero (0).</p>
  +      </attribute>
  +
  +      <attribute name="managerChecksFrequency" required="false">
  +        <p>Frequency of the session expiration, and related manager operations.
  +        Manager operations will be done once for the specified amount of
  +        backgrondProcess calls (ie, the lower the amount, the most often the
  +        checks will occur). The minimum value is 1, and the default value is 6.
  +        </p>
         </attribute>
   
         <attribute name="swallowOutput" required="false">
  
  
  
  1.6       +17 -2     jakarta-tomcat-catalina/webapps/docs/config/defaultcontext.xml
  
  Index: defaultcontext.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/defaultcontext.xml,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- defaultcontext.xml	15 Nov 2003 09:45:35 -0000	1.5
  +++ defaultcontext.xml	30 Nov 2003 14:35:45 -0000	1.6
  @@ -96,6 +96,10 @@
           allowed inside the web application, pointing to resources outside the
           web application base path. If not specified, the default value
           of the flag is <code>false</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to true on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
         </attribute>
   
         <attribute name="cacheMaxSize" required="false">
  @@ -118,9 +122,20 @@
   
         <attribute name="caseSensitive" required="false">
           <p>If the value of this flag is <code>true</code>, all case sensitivity
  -        checks will be disabled. This should not be disabled on OSes which do
  -        not have a case sensitive filesystem, such as Windows. If not 
  +        checks will be disabled. If not 
           specified, the default value of the flag is <code>true</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to false on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
  +      </attribute>
  +
  +      <attribute name="managerChecksFrequency" required="false">
  +        <p>Frequency of the session expiration, and related manager operations.
  +        Manager operations will be done once for the specified amount of
  +        backgrondProcess calls (ie, the lower the amount, the most often the
  +        checks will occur). The minimum value is 1, and the default value is 6.
  +        </p>
         </attribute>
   
         <attribute name="swallowOutput" required="false">
  
  
  
  1.5       +10 -2     jakarta-tomcat-catalina/webapps/docs/config/resources.xml
  
  Index: resources.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/resources.xml,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- resources.xml	26 Nov 2003 20:22:34 -0000	1.4
  +++ resources.xml	30 Nov 2003 14:35:45 -0000	1.5
  @@ -81,6 +81,10 @@
           allowed inside the web application, pointing to resources outside the
           web application base path. If not specified, the default value
           of the flag is <code>false</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to true on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
         </attribute>
   
         <attribute name="cached" required="false">
  @@ -101,8 +105,12 @@
         </attribute>
   
         <attribute name="caseSensitive" required="false">
  -        <p>This boolean flag toggles case sensitivity for resourceson 
  -        the Windows platform. Defaults to <code>true</code>.</p>
  +        <p>This boolean flag toggles case sensitivity checks. 
  +        Defaults to <code>true</code>.</p>
  +        <p><b>NOTE: This flag MUST NOT be set to false on the Windows platform
  +        (or any other OS which does not have a case sensitive filesystem),
  +        as it will disable case sensitivity checks, allowing JSP source code
  +        disclosure, among other security problems.</b></p>
         </attribute>
   
         <attribute name="docBase" required="false">
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message