Mailing Lists: Apple Mailing Lists


Re: PANIC: Huge security hole with webserving on OSXS?



At 8:22 PM +0200 4/29/03, Didde wrote:
> Hey..
>
> Please, tell me that I am the culprit in this situation and that this is not a problem which lies with Apache on OSXS!
>
> Apache is set up to serve up "static" content, and a Servlet Container (Tomcat or Caucho Resin) is set up to handle requests for *.jsp's. Now, the problem is: Apache on the Mac is case sensitive / not case sensitive.. Which means:
>
> http://www.foo.bar/foo.jsp >> Goes to the Servlet Container and the Java code is processed.
>
> http://www.foo.bar/foo.JSP >> Does not equal http://www.foo.bar/foo.jsp to Apache so it will serve up the Java code within the page to the client, UNPROCESSED!
>
> Geeez, c'mon here.. There must be a way for Apache to know that *.JSP and *.jsp are the same thing?????
>
> Please, anyone??

Known issue. I think the only true way around it is to format the drive as Unix, not Mac Extended.

But you can handle some of it with mod_rewrite.
--
Julia Frizzell
Systems Administrator/Help Desk Manager
The Education Alliance
222 Richmond Street, Suite 300
Providence, Rhode Island 02903-4226
email@hidden
401.274.9548 x311 or 800.521.9550 x311
401.421.7650 (fax)
http://www.alliance.brown.edu
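
An added example, not part of the original thread or of any Apple or Apache code: a check for the mismatch described above, which flags successful responses to requests whose extension equals a servlet-mapped extension only when case is ignored, and probes whether a document root sits on a case-insensitive volume. The function names, the assumption that `.jsp` is the only mapped extension, the Common Log Format input and the sample lines are all constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit, unquote

# Assumption: the only extension Apache hands to the servlet container.
HANDLED_EXTENSIONS = {".jsp"}

# Request path and status code from a Common Log Format line.
LOG_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

# Constructed sample access-log lines (documentation address range).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Apr/2003:20:22:01 +0200] "GET /foo.jsp HTTP/1.1" 200 5120',
    '192.0.2.10 - - [29/Apr/2003:20:22:09 +0200] "GET /foo.JSP HTTP/1.1" 200 1833',
    '192.0.2.11 - - [29/Apr/2003:20:23:40 +0200] "GET /admin/login.Jsp?x=1 HTTP/1.1" 200 2210',
    '192.0.2.12 - - [29/Apr/2003:20:24:02 +0200] "GET /bar.JSP HTTP/1.1" 403 210',
    '192.0.2.12 - - [29/Apr/2003:20:24:05 +0200] "GET /foo.%4ASP HTTP/1.1" 200 1833',
]

def is_case_variant(url_path, handled=HANDLED_EXTENSIONS):
    """True if the extension matches a handled one only when case is ignored."""
    path = unquote(urlsplit(url_path).path)   # drop the query, decode %xx
    ext = os.path.splitext(path)[1]
    return ext not in handled and ext.lower() in handled

def suspicious_hits(log_lines):
    """Return (path, status) for 2xx responses to case-variant requests,
    i.e. requests the static file handler may have answered with source."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m.group(2).startswith("2") and is_case_variant(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits

def filesystem_ignores_case(directory):
    """Probe whether file names in `directory` resolve regardless of case."""
    with tempfile.NamedTemporaryFile(dir=directory, prefix="casechk",
                                     suffix=".tmp") as f:
        head, name = os.path.split(f.name)
        # The lowercase prefix guarantees the upper-cased name differs.
        return os.path.exists(os.path.join(head, name.upper()))

if __name__ == "__main__":
    for path, status in suspicious_hits(SAMPLE_LOG):
        print(f"review: {status} served for {path}")
    print("case-insensitive volume:", filesystem_ignores_case(tempfile.gettempdir()))
```

The 403 line is not reported because only responses that returned content are of interest; a refused case-variant request is the desired outcome.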