tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Smith <jsm...@infotrustgroup.com>
Subject RE: Help with a Tomcat issue???
Date Tue, 07 Apr 2009 14:19:59 GMT
Will do.  

-----Original Message-----
From: Mark Thomas [mailto:markt@apache.org] 
Sent: Tuesday, April 07, 2009 8:15 AM
To: Tomcat Users List
Subject: Re: Help with a Tomcat issue???

Jason Smith wrote:
> As follow-up, I guess I would have to count this as a core Java API bug, since the high-level
functions (HttpURLConnection) allow you to routinely emit bad markup.
> 
> However, wouldn't it be prudent in Tomcat to recognize that something has gone wrong
with the method name earlier?  Should method names ever be allowed to contain numbers?  How
about carriage returns and other white space?  
> 
> So the root question is, should I write this up as a low-priority bug, or is the current
behavior desired?

Technically, there is a bug here. When we are reading the request method
   if we see CR or LF then the request is invalid and Tomcat should
return a 400 Bad Request.

If you could write this up in bugzilla that would be great.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message