You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Duncan <ds...@deckertelecom.net> on 2003/12/03 10:29:27 UTC
Include Files
When using Tomcat 4.0, I was able to include files in a directory above
my public web directory, but with tomcat 4.1, when I try to run the same
jsp, I get the error:
org.apache.jasper.JasperException: /main.jsp(3,0) File
"../Private/NormalTemplate.inc" not found
All casing etc is correct.
Is this a security fix, or should this still be possible?
Many thanks
Duncan Smith
Decker Telecom Ltd
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Include Files
Posted by Duncan <ds...@deckertelecom.net>.
Good plan.
Thanks Tim, didn't think of that one.
Tim Funk wrote:
> Place it in WEB-INF (or a subdirectory in WEB-INF)
>
> -Tim
>
> Duncan wrote:
>
> > So how does one get around this issue
> >
> > ie, how do you have an include file that is not accessable by a user, do people
> > set up a secure folder for these?
> >
> > Any suggestions?
> > - Duncan
> >
> > Tim Funk wrote:
> >
> >
> >>I would think this is a security fix. (Or a bug fix) I am surprised this was
> >>allowed in 4.0.
> >>
> >>-Tim
> >>
> >>Duncan wrote:
> >>
> >>
> >>>When using Tomcat 4.0, I was able to include files in a directory above
> >>>my public web directory, but with tomcat 4.1, when I try to run the same
> >>>jsp, I get the error:
> >>>
> >>>org.apache.jasper.JasperException: /main.jsp(3,0) File
> >>>"../Private/NormalTemplate.inc" not found
> >>>
> >>>All casing etc is correct.
> >>>
> >>>Is this a security fix, or should this still be possible?
> >>>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Include Files
Posted by Tim Funk <fu...@joedog.org>.
Place it in WEB-INF (or a subdirectory in WEB-INF)
-Tim
Duncan wrote:
> So how does one get around this issue
>
> ie, how do you have an include file that is not accessable by a user, do people
> set up a secure folder for these?
>
> Any suggestions?
> - Duncan
>
> Tim Funk wrote:
>
>
>>I would think this is a security fix. (Or a bug fix) I am surprised this was
>>allowed in 4.0.
>>
>>-Tim
>>
>>Duncan wrote:
>>
>>
>>>When using Tomcat 4.0, I was able to include files in a directory above
>>>my public web directory, but with tomcat 4.1, when I try to run the same
>>>jsp, I get the error:
>>>
>>>org.apache.jasper.JasperException: /main.jsp(3,0) File
>>>"../Private/NormalTemplate.inc" not found
>>>
>>>All casing etc is correct.
>>>
>>>Is this a security fix, or should this still be possible?
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Include Files
Posted by Duncan <ds...@deckertelecom.net>.
So how does one get around this issue
ie, how do you have an include file that is not accessable by a user, do people
set up a secure folder for these?
Any suggestions?
- Duncan
Tim Funk wrote:
> I would think this is a security fix. (Or a bug fix) I am surprised this was
> allowed in 4.0.
>
> -Tim
>
> Duncan wrote:
>
> > When using Tomcat 4.0, I was able to include files in a directory above
> > my public web directory, but with tomcat 4.1, when I try to run the same
> > jsp, I get the error:
> >
> > org.apache.jasper.JasperException: /main.jsp(3,0) File
> > "../Private/NormalTemplate.inc" not found
> >
> > All casing etc is correct.
> >
> > Is this a security fix, or should this still be possible?
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Include Files
Posted by Tim Funk <fu...@joedog.org>.
I would think this is a security fix. (Or a bug fix) I am surprised this was
allowed in 4.0.
-Tim
Duncan wrote:
> When using Tomcat 4.0, I was able to include files in a directory above
> my public web directory, but with tomcat 4.1, when I try to run the same
> jsp, I get the error:
>
> org.apache.jasper.JasperException: /main.jsp(3,0) File
> "../Private/NormalTemplate.inc" not found
>
> All casing etc is correct.
>
> Is this a security fix, or should this still be possible?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org