you guys are Awesome thanks a lot.
On 9/26/07, Mitesh Shah <[EMAIL PROTECTED]> wrote: > > > To disable directory listing, change tag value to 'false' for init > parameter > of listing in web.xml > > <init-param> > <param-name>listings</param-name> > <param-value>FALSE</param-value> > </init-param> > > > Mitesh Shah > Hosted Services Engineer > eClinicalWorks LLC > > -----Original Message----- > From: alla winter [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 26, 2007 2:00 PM > To: Tomcat Users List; [EMAIL PROTECTED] > Subject: Re: Security restrictions for Tomcat > > OK, I got it, the content type will do the trick. Thanks > > But I would appreciate if you answer on my second question regarding the > directory listing > I can see all the directory listing except WEB-INF directory. I am using > all default XMLs for configuration without any changes, except web.xmlwere > I defined my servlets. > What should I do to disallow the directory listing? > thanks > > > On 9/26/07, Pid <[EMAIL PROTECTED]> wrote: > > > > alla winter wrote: > > > I am confused now > > > web.xml instructs Tomcat what application needs to be called for a > given > > > MIME type > > > > No, unless you've got some weird setup on a windows machine Tomcat is > > not opening MSWord. The mime type is sent to the browser in an http > > header, and the browser decides what to open it with. > > > > For example, if you didn't have MSWord installed, but had, say, > > OpenOffice, you could find that OpenOffice opens the file. > > > > > for example: > > > - <mime-mapping> > > > <extension>rtf</extension> > > > <mime-type>application/vnd.ms-word</mime-type> > > > </mime-mapping> > > > > > > Tomcat pass the request to the third party application based on the > > MIME > > > type, so if I show the link to the .RTF file and the user selects the > > link, > > > the Microsoft Word will display the selected file. The same with PDF > > files > > > - the the ADOBE reader is invoked > > > My undesraning is that by writing file bytes to the servlet output, I > am > > > just creating and HTML file where the file content is a body of the > HTML > > > > Again no, the output is handled by the browser - if you set: > > > > Content-Type: text/html > > > > the browser will do as it's told and try to process the output as an > > HTML file. > > > > > > > > > But if I output the bytes of the file to the servlet output, it will > > look > > > the same way as I would open RTF file in the notepad - with all > controll > > > characters inside. > > > Unless I am missing something here... > > > > Yes, the Content-Type header is the key to this. > > > > p > > > > > > > As far as directory listing - yes, I do see the directory listing for > > all > > > folders that are underneath of my application except WEB-INF and I > > didn't do > > > any special set up for that - I am using all default XMLs except the > > > web.xmlwhere I am defining my servlets. > > > > > > I appreciate your help. > > > thanks > > > > > > On 9/26/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > > > Alla, > > > > > > alla winter wrote: > > >>>> Thanks for the quick response. > > >>>> So, I want to make sure that understand it right : you are > proposing > > > that > > >>>> the servlet should display the file, instead of allowing Tomcat to > > > invoke > > >>>> Microsoft Word to disply the file content. > > > I think you are misunderstanding what is really going on at a > > > fundamental level. Tomcat will never invoke Microsoft Word for any > > > reason, unless you have something truly crazy going on in the > > background. > > > > > > What I'm suggesting is that you write your own code to serve the > > > contents of a static file. It's pretty simple: open the file, write > the > > > appropriate HTTP headers, copy the bytes to the servlet output stream, > > > close all streams, and you are done. > > > > > >>>> The only issue with that is that > > >>>> the file is created in the RTF format and it has control characters > > that > > >>>> governs the formatting. > > > This is irrelevant. It doesn't matter if you are serving a text file > or > > > a PDF, you are just serving bytes to the web browser. > > > > > >>>> The second question was about how to set up TOMCAT not to allow the > > >>>> directory listing > > > Actually, I think you have to specifically enable directory listings. > If > > > you haven't enabled them, then you shouldn't be getting any. Are you > > > able to get a directory listing? > > > > > > -chris > > > > > >> > > --------------------------------------------------------------------- > > To start a new topic, e-mail: [email protected] > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > --------------------------------------------------------------------- > > To start a new topic, e-mail: [email protected] > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: [email protected] > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
