tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Security restrictions for Tomcat
Date Wed, 26 Sep 2007 19:11:09 GMT
Hash: SHA1


alla winter wrote:
> I am confused now
> web.xml instructs Tomcat what application needs to be called for a given
> MIME type

Nope. This is mapping file extensions to MIME types. Totally different.
Notice that you don't see "msword.exe" anywhere in the MIME type mapping.

> Tomcat pass the request to the  third party application based on the MIME
> type, so if I show the link to the .RTF file and the user selects the link,
> the Microsoft Word will display the selected file.

This is all done by your web browser, in a totally different way.

> My undesraning is that by writing file bytes to the servlet output, I am
> just creating and HTML file where the file content is a body of the HTML

Wrong again. You are serving bytes. As long as you tell the browser the
proper MIME type (via the Content-Type HTTP header), everything will
work out just fine.

> Unless I am missing something here...

Yes, you are confusing what happens on the server with what happens on
the client.

> As far as directory listing - yes, I do see the directory listing for all
> folders that are underneath of my application except WEB-INF and I didn't do
> any special set up for that - I am using all default XMLs except the
> web.xmlwhere I am defining my servlets.

Perhaps Tomcat 5.0 still has the "default" servlet enabled by default.
We'll deal with that once your bigger problems are taken care of.

- -chris

Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message