tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: doDelete Servlet
Date Fri, 04 Sep 2015 19:44:18 GMT

Kiran,

On 9/4/15 3:19 PM, Kiran Badi wrote:
> I have a CRUD multipart request and I have implemented it correctly;
> it works fine on my localhost.
> 
> I have pdf and tiff file uploads, all of this implemented via an
> ajax call using an onchange handler on the multiple file input tag.
> 
> The challenge I am having is that doDelete just deletes the file
> with the request on the server, but there is no protection.
> 
> How do I protect the doDelete call from getting misused?
> 
> Is there something in Tomcat I can use to protect doDelete vals
> from getting misused?

How do you do user authentication and authorization? The doDelete
method should be protected by default if you have enabled
container-managed authentication and authorization.

Also, the default doDelete method should be a no-op and therefore
safe. If you have implemented your own doDelete method, you can use
whatever safety checks you wish in order to prevent misuse.

-chris
