You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Giuseppe Santamaria <gi...@hotmail.com> on 2007/03/15 12:38:50 UTC

Set caseSensitive="false" for "NOT case sensitive" BUT security problems?

Hi

I know which to set tomcat for
the NOT case sensitive, necessity to use the

<Context caseSensitive="false"> of the web application.

but this documentation 
(http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
)  say


"NOTE: This flag MUST NOT be set to false on the Windows platform (or
any other OS which does not have a case sensitive filesystem), as it
will disable case sensitivity checks, allowing JSP source code
disclosure, among other security problems."

Then there are serious security problems.

Is there a way to avoid which jsp code to be visible (in the browser)

through the request "filename.JSP" , in other words calling the file jsp 
with uppercase

extension?


Thanks & Regards,


Giuseppe Santamaria

_________________________________________________________________
Sai cosa è successo oggi?         http://notizie.msn.it


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org