ResourceManager/RequestHandler and security issues
ResourceManager/RequestHandler and security issues
- Subject: ResourceManager/RequestHandler and security issues
- From: Oliver Scheel <email@hidden>
- Date: Wed, 28 May 2008 19:35:36 +0200
I like the way to deploy (low traffic) WO apps as SSDD and serving
static resources from the extracted WAR thru tomcat. Now the path
which is passed to handleRequest is not validated against e.g.
WEBINFROOT. This means it is possible to request any file from the
server that is world readable.
Currently I use the ERXStaticResourceRequestHandler which doesn't do
these checks. Is there perhaps already a solution out there or does it
make more sense to write my own (or on base on the Wonder stuff)?
It seems that not so many deplay WO as a servlet, but I think it is
more complient to get into the J2EE world ;-) And it works really great!
Oliver
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden