tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: Tomcat 5.5 creates 0 byte files
Date Fri, 02 Jul 2010 09:11:28 GMT
André Warnier wrote:
...
> 
> The point is: allowing users to upload files to the server, and 
> allowing them to specify a path on the server, is dangerous and 
> difficult to do right.
> Better to use something that is already ready and debugged.
> 
Let me be more explicit, after having just a quick look at your code:

enter path : /etc
enter filename : passwd

or more devious:

enter path : /some/innocent/path
enter filename : ../../../../../etc/passwd

and your server would not last 2 minutes on the Internet.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
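
The check that rejects both inputs shown in the message, as an added example that is not part of the original post or of the poster's code. It assumes a Unix-like server, Java 7 or later for `java.nio.file`, and a hypothetical upload root `/var/app/uploads`; the class and method names are made up for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {
    // Hypothetical upload root (assumption); every upload must stay beneath it.
    static final Path UPLOAD_ROOT =
            Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    /** Returns the target file under UPLOAD_ROOT, or throws SecurityException. */
    static Path resolveUpload(String userDir, String userFile) {
        // The filename must be one path element: no separators, no "." or "..".
        Path name = Paths.get(userFile);
        if (userFile.isEmpty() || name.isAbsolute() || name.getNameCount() != 1
                || userFile.equals(".") || userFile.equals("..")) {
            throw new SecurityException("bad filename: " + userFile);
        }
        // resolve() returns its argument unchanged when that argument is
        // absolute, so "/etc" replaces the root here; normalize() then
        // collapses any ".." segments before the containment check.
        Path target = UPLOAD_ROOT.resolve(userDir).resolve(name).normalize();
        // Path.startsWith compares whole path elements, not string prefixes,
        // so "/var/app/uploads-other" does not count as inside the root.
        if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
            throw new SecurityException("outside upload root: " + target);
        }
        // normalize() is purely lexical: if symlinks can exist under the root,
        // also compare target.getParent().toRealPath() with the real root.
        return target;
    }

    public static void main(String[] args) {
        String[][] samples = {
            {"reports/2010", "summary.txt"},  // constructed legitimate request
            {"/etc", "passwd"},               // first input from the message
            {"/some/innocent/path", "../../../../../etc/passwd"},  // second input
        };
        for (String[] s : samples) {
            try {
                System.out.println("OK   " + resolveUpload(s[0], s[1]));
            } catch (SecurityException e) {
                System.out.println("DENY " + e.getMessage());
            }
        }
    }
}
```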

