Task #1130
Story #1129: Tomcat needs to be configured to handle \ in URIs
Need to figure out if we want to configure tomcat to accept \ in a URI
Start date:
2010-12-02
Due date:
% Done:
100%
Milestone:
Product Version:
*
Story Points:
Sprint:
Description
Right now, if you pass \ (%5C) in a URI to tomcat, it ignores it silently and does not pass the request to the servlet. This is for security reasons as stated here: http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.10
Supposedly, this feature can be turned off, though I tried it and was unsuccessful getting a \ to work. The question is, should we enable this? It seems like a security hole that we might not want to handle. If it's an essential character than we have to handle it, but I'm not sure it is. Needs more discussion.
History
#1 Updated by Rob Nahf over 13 years ago
- Assignee set to Rob Nahf
- Priority changed from Normal to High
#2 Updated by Rob Nahf over 13 years ago
- Status changed from New to Closed
escaped slashes and backslashes determined to be essential characters.
