Posted to users@tomcat.apache.org by Kiran Badi <ki...@poonam.org> on 2015/09/04 21:19:32 UTC

doDelete Servlet

Hi,

I have a CRUD multipart request, and I have implemented it correctly; it
works fine on my localhost.

I upload PDF and TIFF files; all of this is implemented via an AJAX call
using an onchange handler on the file input multiple tag.

The challenge I am having is that doDelete just deletes the file with the
request on the server, but there is no protection.

How do I protect the doDelete call from getting misused?

Is there something in Tomcat I can use to protect doDelete vals from
getting misused?

- Kiran

Re: doDelete Servlet

Posted by Kiran Badi <ki...@poonam.org>.
Yup, I solved this, just not deleting anything; I am not just setting flag
to yes or no.

Thanks Chris.

On Fri, Sep 4, 2015 at 3:44 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Kiran,
>
> On 9/4/15 3:19 PM, Kiran Badi wrote:
> > I have a CRUD multipart request, and I have implemented it correctly;
> > it works fine on my localhost.
> >
> > I upload PDF and TIFF files; all of this is implemented via an AJAX
> > call using an onchange handler on the file input multiple tag.
> >
> > The challenge I am having is that doDelete just deletes the file
> > with the request on the server, but there is no protection.
> >
> > How do I protect the doDelete call from getting misused?
> >
> > Is there something in Tomcat I can use to protect doDelete vals
> > from getting misused?
>
> How do you do user authentication and authorization? The doDelete
> method should be protected by default if you have enabled
> container-managed authentication and authorization.
>
> Also, the default doDelete method should be a no-op and therefore
> safe. If you have implemented your own doDelete method, you can use
> whatever safety checks you wish in order to prevent misuse.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: doDelete Servlet

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Kiran,

On 9/4/15 3:19 PM, Kiran Badi wrote:
> I have a CRUD multipart request, and I have implemented it correctly;
> it works fine on my localhost.
> 
> I upload PDF and TIFF files; all of this is implemented via an AJAX
> call using an onchange handler on the file input multiple tag.
> 
> The challenge I am having is that doDelete just deletes the file
> with the request on the server, but there is no protection.
> 
> How do I protect the doDelete call from getting misused?
> 
> Is there something in Tomcat I can use to protect doDelete vals
> from getting misused?

How do you do user authentication and authorization? The doDelete
method should be protected by default if you have enabled
container-managed authentication and authorization.

Also, the default doDelete method should be a no-op and therefore
safe. If you have implemented your own doDelete method, you can use
whatever safety checks you wish in order to prevent misuse.

-chris

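
The two points in the reply above (container-managed authorization in front of doDelete, plus checks inside a custom doDelete), shown as an added example that is not part of the original thread. The URL pattern, the "uploader" role, the upload root and the one-directory-per-user layout are assumptions; it uses the javax.servlet API and assumes a login-config and Realm are already configured so Tomcat can authenticate callers.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: URL pattern, role name and upload root are assumptions.
@WebServlet("/files/*")
// Container-managed authorization: Tomcat rejects DELETE from callers who are
// not authenticated or lack the role before doDelete() is ever invoked.
@ServletSecurity(httpMethodConstraints =
        @HttpMethodConstraint(value = "DELETE", rolesAllowed = "uploader"))
public class UploadServlet extends HttpServlet {
    private static final Path UPLOAD_ROOT = Paths.get("/var/app/uploads");

    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getRemoteUser();
        if (user == null) {   // still refuse if the constraint above is ever removed
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String name = req.getPathInfo();   // e.g. "/report.pdf"
        if (name == null || !name.matches("/[A-Za-z0-9._-]+\\.(pdf|tiff?)")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Each user's files live in their own directory directly under the
        // root, so a caller can only address files they uploaded themselves.
        Path userDir = UPLOAD_ROOT.resolve(user).normalize();
        Path target = userDir.resolve(name.substring(1)).normalize();
        if (!UPLOAD_ROOT.equals(userDir.getParent()) || !userDir.equals(target.getParent())) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!Files.deleteIfExists(target)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

The same method constraint can be declared in web.xml with a security-constraint element instead of the annotation.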