tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: linux + tomcat, some path/link problem
Date Wed, 25 Apr 2007 11:42:15 GMT
Johnny's right.  Just think of the fun and hijinks malicious web 
developers could bring to the table if they could reference any file 
(document or command) they could guess the path to.    Add some ajax and 
the fun get's even better. 

IMHO, it's a good thing this doesn't work.

--David

Johnny Kewl wrote:

>
> No... what I'm trying to tell you is that if your servlet makes a page 
> with file/// links... microsofts new security is going to stop it from 
> working.... nothing to do with Tomcat.
>
> Other browsers also do it
> If a page is delivered by Tomcat or any server with file:/// links you 
> going to have problems.
>
> Here are somethings to help u
> http://blogs.msdn.com/ie/archive/2006/12/06/file-uris-in-windows.aspx
> http://support.microsoft.com/default.aspx?scid=kb;en-us;896204
> http://kb.mozillazine.org/Links_to_local_pages_don't_work
>
> And I just had lots of problems on IE with local file links...
>
> ITS A SECURITY THING...... NOT TOMCAT
>
> regards
> Johnny
>
> ----- Original Message ----- From: "LRS" <mcrayes@gmail.com>
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Sent: Wednesday, April 25, 2007 3:45 AM
> Subject: Re: linux + tomcat, some path/link problem
>
>
>> thanks men, actually I've already tried to add " file:// " prefix
>> explicitly to filePath in A href link, and in mozilla I can see the
>> property of link appear to be " file:///root/test.html " , which is a
>> good sign, huh? but, woo, hate this but, no matter how hard i clicked,
>> the browsers made no reaction, it won't jump to test.html. the same
>> thing happened in opera, so I guess it maybe still have something to
>> with tomcat. I'm gonna work on this after work
>>
>>
>> Johnny Kewl <john@kewlstuff.co.za>
>> Caldarale, Charlie R <Chuck.Caldarale@unisys.com>
>> Fargusson.Alon <Alan.Fargusson@ftb.ca.gov>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message