You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Randy Paries <ra...@unitnet.com> on 2002/12/19 17:19:55 UTC
RE: Should not be this hard(why is this a security risk)
That is what I needed ...
Thanks all
To follow this up, why is this a security risk?
Do they want specific mapping for each servlet?
Thanks
-----Original Message-----
From: PELOQUIN,JEFFREY (HP-Boise,ex1) [mailto:jeffrey.peloquin@hp.com]
Sent: Thursday, December 19, 2002 9:54 AM
To: 'Tomcat Users List'
Subject: RE: Should not be this hard
>>From the release notes
------------------------
Enabling invoker servlet:
------------------------
Starting with Tomcat 4.1.12, the invoker servlet is no longer available
by
default in all webapp. Enabling it for all webapps is possible by
editing $CATALINA_HOME/conf/web.xml to uncomment the "/servlet/*"
servlet-mapping definition.
Using the invoker servlet in a production environment is not recommended
and is unsupported.
-----Original Message-----
From: Randy Paries [mailto:randy.paries@unitnet.com]
Sent: Thursday, December 19, 2002 8:51 AM
To: 'Tomcat Users List'
Subject: Should not be this hard
Hello, me again
This should have been so easy (famous last words)
I am upgrading from tomcat jakarta-tomcat-4.0.4 to jakarta-tomcat-4.1.17
4.0.4 was working fine.....
For some reason I can not find my servlets ARG!
In my web.xml I have a <load-on-startup/> and in the log file , the
servlet Starts ok.... But if I goto
http://bart.mydomain.com:8080/servlet/uServlet
I get a 404.......
Here is some details. I have to be missing something very simple.
My static html and jsps work ok when I goto
http://bart.mydomain.com:8080/index.html
http://bart.mydomain.com:8080/jsp/dirgloblogin.jsp
But if I goto http://bart.mydomain.com:8080/servlet/uServlet
I get a 404
from the log file I get :
2002-12-19 09:42:13 StandardContext[]: Mapping contextPath='' with
requestURI='/servlet/uServlet' and relativeURI='/servlet/uServlet
2002-12-19 09:42:13 StandardContext[]: Trying exact match
2002-12-19 09:42:13 StandardContext[]: Trying prefix match
2002-12-19 09:42:13 StandardContext[]: Trying extension match
2002-12-19 09:42:13 StandardContext[]: Trying default match
2002-12-19 09:42:13 StandardContext[]: Mapped to servlet 'default' with
servlet path '/servlet/uServlet' and path info 'null' and update=true
2002-12-19 09:42:13 default: DefaultServlet.serveResource: Serving
resource '/servlet/uServlet' headers and data
In my server.xml I have
<Engine name="Standalone" defaultHost="localhost" debug="9">
<Host name="localhost" debug="0" appBase="/home/unit" unpackWARs="true"
autoDeploy="true">
<Context path=""
docBase="/home/unit"
crossContext="true"
debug="9"
reloadable="false" >
</Context>
#ls -ls /home/unit/WEB-INF/classes
total 104
32 -rwxrwxrwx 1 apache apache 32734 Dec 18 21:31
bbsServlet.class
4 drwxrwxrwx 3 apache apache 4096 Aug 24 22:19 com
36 -rw-rw-r-- 1 apache apache 33984 Nov 6 15:43
EditjsServlet.class
32 -rwxrwxrwx 1 apache apache 31030 Dec 18 21:31
uServlet.class
Thanks for any Help!!!
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Should not be this hard(why is this a security risk)
Posted by Dodd Gatsos <dg...@slb.com>.
Just a guess.......
Because someone could theoretically drop a servlet into your file system
programmed to issue commands passed in as a parameter and execute them as
root?
----- Original Message -----
From: "Randy Paries" <ra...@unitnet.com>
To: "'Tomcat Users List'" <to...@jakarta.apache.org>
Sent: Thursday, December 19, 2002 10:19 AM
Subject: RE: Should not be this hard(why is this a security risk)
> That is what I needed ...
>
> Thanks all
>
> To follow this up, why is this a security risk?
>
> Do they want specific mapping for each servlet?
>
> Thanks
>
> -----Original Message-----
> From: PELOQUIN,JEFFREY (HP-Boise,ex1) [mailto:jeffrey.peloquin@hp.com]
> Sent: Thursday, December 19, 2002 9:54 AM
> To: 'Tomcat Users List'
> Subject: RE: Should not be this hard
>
>
> >From the release notes
>
> ------------------------
> Enabling invoker servlet:
> ------------------------
>
> Starting with Tomcat 4.1.12, the invoker servlet is no longer available
> by
> default in all webapp. Enabling it for all webapps is possible by
> editing $CATALINA_HOME/conf/web.xml to uncomment the "/servlet/*"
> servlet-mapping definition.
>
> Using the invoker servlet in a production environment is not recommended
> and is unsupported.
>
> -----Original Message-----
> From: Randy Paries [mailto:randy.paries@unitnet.com]
> Sent: Thursday, December 19, 2002 8:51 AM
> To: 'Tomcat Users List'
> Subject: Should not be this hard
>
>
> Hello, me again
>
> This should have been so easy (famous last words)
>
> I am upgrading from tomcat jakarta-tomcat-4.0.4 to jakarta-tomcat-4.1.17
> 4.0.4 was working fine.....
>
> For some reason I can not find my servlets ARG!
>
> In my web.xml I have a <load-on-startup/> and in the log file , the
> servlet Starts ok.... But if I goto
> http://bart.mydomain.com:8080/servlet/uServlet
> I get a 404.......
>
> Here is some details. I have to be missing something very simple.
>
> My static html and jsps work ok when I goto
> http://bart.mydomain.com:8080/index.html
> http://bart.mydomain.com:8080/jsp/dirgloblogin.jsp
>
> But if I goto http://bart.mydomain.com:8080/servlet/uServlet
> I get a 404
>
> from the log file I get :
>
> 2002-12-19 09:42:13 StandardContext[]: Mapping contextPath='' with
> requestURI='/servlet/uServlet' and relativeURI='/servlet/uServlet
>
> 2002-12-19 09:42:13 StandardContext[]: Trying exact match
> 2002-12-19 09:42:13 StandardContext[]: Trying prefix match
> 2002-12-19 09:42:13 StandardContext[]: Trying extension match
> 2002-12-19 09:42:13 StandardContext[]: Trying default match
> 2002-12-19 09:42:13 StandardContext[]: Mapped to servlet 'default' with
> servlet path '/servlet/uServlet' and path info 'null' and update=true
> 2002-12-19 09:42:13 default: DefaultServlet.serveResource: Serving
> resource '/servlet/uServlet' headers and data
>
>
> In my server.xml I have
>
> <Engine name="Standalone" defaultHost="localhost" debug="9">
>
> <Host name="localhost" debug="0" appBase="/home/unit" unpackWARs="true"
> autoDeploy="true">
>
> <Context path=""
> docBase="/home/unit"
> crossContext="true"
> debug="9"
> reloadable="false" >
> </Context>
>
>
> #ls -ls /home/unit/WEB-INF/classes
> total 104
> 32 -rwxrwxrwx 1 apache apache 32734 Dec 18 21:31
> bbsServlet.class
> 4 drwxrwxrwx 3 apache apache 4096 Aug 24 22:19 com
> 36 -rw-rw-r-- 1 apache apache 33984 Nov 6 15:43
> EditjsServlet.class
> 32 -rwxrwxrwx 1 apache apache 31030 Dec 18 21:31
> uServlet.class
>
> Thanks for any Help!!!
>
>
>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
> --
> To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>