Re: ResourceManager/RequestHandler and security issues
Re: ResourceManager/RequestHandler and security issues
- Subject: Re: ResourceManager/RequestHandler and security issues
- From: Don Lindsay <email@hidden>
- Date: Wed, 28 May 2008 13:48:22 -0400
Hello;
To serve images and CSS files through tomcat, you can put your images
and files in the ROOT webapp under the WEBAPPS directory, I place my
images in a directory named images. If you are using the JK
connector you put them on your webserver in the root directory and
images directory .
I have been told that you should not use tomcat to serve static files,
as this is not what it is designed for. It works fine for me in a
test environment, in production I use JK and place static files in the
IIS wwwroot directory.
Thanks,
don
On May 28, 2008, at 1:35 PM, Oliver Scheel wrote:
I like the way to deploy (low traffic) WO apps as SSDD and serving
static resources from the extracted WAR thru tomcat. Now the path
which is passed to handleRequest is not validated against e.g.
WEBINFROOT. This means it is possible to request any file from the
server that is world readable.
Currently I use the ERXStaticResourceRequestHandler which doesn't do
these checks. Is there perhaps already a solution out there or does
it make more sense to write my own (or on base on the Wonder stuff)?
It seems that not so many deplay WO as a servlet, but I think it is
more complient to get into the J2EE world ;-) And it works really
great!
Oliver
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
@mac.com
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden