tomcat-users mailing list archives

From unplug <unp...@vulture.no-ip.com>
Subject Re: source code exposure
Date Fri, 27 Feb 2004 04:14:27 GMT
As you can see, the jsp only contains a line of code <%= new
java.util.Date() %>.  I haven't set the content type in the jsp and it
can be run at http://company.com/examples/test.jsp.  However, the source code
is exposed at http://company.com//examples/test.jsp.  I wonder why the "/"
will cause source code exposure.  Is it a bug or a missing configuration
of Tomcat?  Can anyone help to stop the source code exposure?

Thanks,
unplug

jerome moliere wrote:
> 
> unplug wrote:
> 
> >Hi all,
> >
> >  I am using Fedora Core 1 with tomcat 4.1.29, apache 2.0.48 and
> >mod_jk2.  I have created a simple jsp (code listed below) and put it
> >under $CATALINA_HOME/webapps/examples.
> >
> >code:
> >file name: test.jsp
> ><%= new java.util.Date() %>
> >
> >  It can be accessed in the browser using the following link
> >http://company.com/examples/test.jsp
> >
> >  However, its source code will be exposed when I type the following.
> >http://company.com//examples/test.jsp
> >
> >  How can I configure it to prevent such exposure?  Can anyone give me
> >some advice?
> >
> >
> I guess that your JSP doesn't specify the content for the response so the browser
> doesn't lay out the HTML but shows the source code instead...
> So try to fix the content type in your response to text/html
> HTH
> Jerome
