Yes, we would probably use some tools to build the web.xml.
Currently our application has something between 1 to 15000 servlets.
Mapping to "/servlet/*" how it works now, a normal URL is
"http://host:8080/webapp/servlet/myservlet". But then I tried to remove the
"/servlet/" from the URL,
Thanks Tim.
If this is the case I could make it weigh in in the matter of building a
well formed web.xml.
Although it could take some time.
Mapping each servlet to an "/*" url-pattern will avoid us from using invoker
and at the same time get rid of "/servlet" in the URL and keep images under
"/
I agree with you.
The static resources were never a problem to me, but since I messed with
the web.xml they started to behave oddly.
Maybe this line is causing trouble:
invoker
/*
It used to be:
invoker
/servlet/*
What do you think? Can this
Thanks a lot André for taking the time in explaining.
Currently we do not have this kind of attacks because the app runs in an
intranet. But I know that in this closed scenario we should beware of the
users.
Hopefully, someday, we will be able to properly map this application in
web.xml and leav
I thought the filter would allow me to serve the static resources under
"/images/".
I understand if it is in order to make invoker more secure.
But what I'm actually trying to achieve is the proper serving of resources.
I don't know exactly why, but mapping the default servlet to "/*" is not
wor
I know we are going a little off the original topic, but for me this is very
interesting.
I think I understand your point:
Any library in /webapp/lib/ that has access to executing linux
commands (as you point out) could be executed as well from any browser.
If invoker is not enabled,
Interesting Tim. But a little confusing for me.
Never used filters, but for what you said and I googled: I would have to
build a filter and map it to "/images/*", right?
Something like:
Resource filter
com.mycompany.resourcefilter
Resource filter mapped
Thanks Mark.
I'll try to upgrade to the latest then.
Invoker: I know it is bad (even more than the overlord), probably don't know
how bad or the impact it has in usage, but for now it works.
I've read some about it, but never could really understand the problems it
brings.
In our current situat
Dear all,
I'm facing the following problem in tomcat (probably just
configuration).
I have a WEBAPP which uses the "invoker" servlet (I know how
bad it is, but for now it gets the job done).
The static content
Thanks Ronald and Pid for the help.
Honestly I don't know if this parameters thing is really a performance issue,
but I've been assigned to work on it so I don't have much choice, ;).
I liked the idea of a class handling the attributes in ServletContext.
I'll give it a try and let you know of t
Dear All,
I'm currently using Tomcat 6.0.28 and having some doubt on
how to solve and implement this problem:
My webapp has a MySQL Database with a table
named "parameters", in which we have just two columns ("property" and
"value"). This table is
Thanks a lot for such a fast answer but actually I'm a newbie and really
don't know how to do what you proposed.
How can I find out if I have an Apache HTTPD server??? Or if it listens to
port 80???
The folders under my Tomcat go like this (very similar to the one in
SUSE):
+ Tomcat
+
> I'm running tomcat 5.0 in a SUSE environment.
> To access the webapp the user has to enter in a web browser
> "app.server:8443" and it automatically redirects to
> "https://app.server:8443/myapp/servlet/login" (this is made with an
> index.htm in the ROOT context). What I have been looking for i
13 matches