On Thu, 23 Aug 2001, Jason Hunter wrote:

> Hmm... I wonder if Tomcat has the right to make illegal what HTTP would
> allow?

My understanding is that a URL _can_ be transformed - and all servers are
normalizing it before matching.

The problem is that the servlet spec defines the mappings in a very
strict way - exact matching, etc - and the other big problem is that the
spec requires "original URLs" to be returned.

That leaves us very little else to do than reject all 'suspect' URLs
(otherwise anyone can pass the security constraints with a simple
/./ in the URL)

Costin
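
Added example, not part of the original message and not Tomcat's code: it shows how strict matching on the original path misses a constraint once the server normalizes the path, and a check that rejects such suspect paths up front. The class, method names, the "/admin/" constraint and the sample paths are all constructed; the encoded-character check goes beyond the /./ case named in the message.

```java
import java.util.ArrayDeque;
import java.util.Locale;

// Added illustration: all names and paths are hypothetical, not Tomcat code.
public class SuspectUrlCheck {
    // Constructed security constraint, in the style of a "/admin/*" mapping.
    static final String PROTECTED_PREFIX = "/admin/";

    // Strict matching on the original (untransformed) request path.
    static boolean constraintApplies(String rawPath) {
        return rawPath.startsWith(PROTECTED_PREFIX);
    }

    // Normalization done before locating the resource: drop "." and empty
    // segments, resolve "..".
    static String normalize(String rawPath) {
        ArrayDeque<String> out = new ArrayDeque<>();
        for (String seg : rawPath.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) { out.pollLast(); continue; }
            out.addLast(seg);
        }
        return "/" + String.join("/", out);
    }

    // A path is suspect when normalization would change its segments, or when
    // it carries a backslash or an encoded dot, slash or backslash.
    static boolean isSuspect(String rawPath) {
        String lower = rawPath.toLowerCase(Locale.ROOT);
        if (lower.contains("%2e") || lower.contains("%2f") || lower.contains("%5c")
                || rawPath.indexOf('\\') >= 0) return true;
        String[] segs = rawPath.split("/", -1);
        for (int i = 1; i < segs.length; i++) {
            boolean last = (i == segs.length - 1);
            if (segs[i].equals(".") || segs[i].equals("..")) return true;
            if (segs[i].isEmpty() && !last) return true; // "//" inside the path
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = { "/admin/users.jsp", "/./admin/users.jsp",
                             "/public/../admin/users.jsp", "/index.jsp" };
        for (String raw : samples) {
            System.out.printf("%-28s constraint=%-5b resource=%-18s reject=%b%n",
                raw, constraintApplies(raw), normalize(raw), isSuspect(raw));
        }
    }
}
```

For the second and third samples the constraint does not match the original path while the normalized resource is still /admin/users.jsp; those are the requests the suspect-path check rejects.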
