Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

ResourceManager/RequestHandler and security issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ResourceManager/RequestHandler and security issues

Subject: ResourceManager/RequestHandler and security issues
From: Oliver Scheel <email@hidden>
Date: Wed, 28 May 2008 19:35:36 +0200

I like the way to deploy (low traffic) WO apps as SSDD and serving static resources from the extracted WAR thru tomcat. Now the path which is passed to handleRequest is not validated against e.g. WEBINFROOT. This means it is possible to request any file from the server that is world readable.

Currently I use the ERXStaticResourceRequestHandler which doesn't do these checks. Is there perhaps already a solution out there or does it make more sense to write my own (or on base on the Wonder stuff)?

It seems that not so many deplay WO as a servlet, but I think it is more complient to get into the J2EE world ;-) And it works really great!

Oliver

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: ResourceManager/RequestHandler and security issues
  - From: Anjo Krank <email@hidden>
- Re: ResourceManager/RequestHandler and security issues
  - From: Don Lindsay <email@hidden>

Prev by Date: Re: Install WO 5.3/WOLips on Ubuntu
Next by Date: Re: ResourceManager/RequestHandler and security issues
Previous by thread: ERXServletAdaptor source?
Next by thread: Re: ResourceManager/RequestHandler and security issues
Index(es):
- Date
- Thread