tomcat-dev mailing list archives

From Remy Maucherat
Subject Re: cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
Date Thu, 12 May 2005 08:07:52 GMT

wrote:
> markt       2005/05/11 14:39:41
>   Modified:    catalina/src/share/org/apache/catalina/authenticator
>                webapps/docs changelog.xml
>   Log:
>   Include request body in saved request when using FORM authentication.
>    - Fixes problem with saved request assuming platform default encoding for POSTed
>     parameters.
>    - Improves restoration of request by using CoyoteRequest

This is way too risky to do it for any POST (which could be a file 
upload), and I think it could lead to easy DoSes, so I share Bill's 

Saving parameters in general is risky as well, obviously ...

IMO, webapps need to be better designed, and auth should happen before 
sending forms.

