Requires Free Membership to View
According to the Tomcat 5.0 release notes:
"Having CGI and SSI available to web applications created security problems when using a security manager (as a malicious Web application could use them to sidestep the security manager access control). In Tomcat 5.0, they have been disabled by default, as our goal is to provide a fully secure default configuration. However, CGI and SSI remain available.
To enable CGI:
- rename the file $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA_HOME/server/lib/servlets-cgi.jar.
- in $CATALINA_HOME/conf/web.xml, you will need to uncomment 2 areas, the servlet declaration and the servlet mapping. The servlet declaration looks similar to this:
<servlet>
<servlet-name>cgi</servlet-name>
...
</servlet>
While the servlet mapping looks similar to this:
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>
Alternately, these servlet declarations and mappings can be added to your Web application deployment descriptor.
To enable SSI:
- * rename the file $CATALINA_HOME/server/lib/servlets-ssi.renametojar to $CATALINA_HOME/server/lib/servlets-ssi.jar.
- in $CATALINA_HOME/conf/web.xml, you will need to uncomment 2 areas, the servlet declaration and the servlet mapping. The servlet declaration looks similar to this:
<servlet>
<servlet-name>ssi</servlet-name>
...
</servlet>
While the servlet mapping looks similar to this:
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
Alternately, these servlet declarations and mappings can be added to your Web application deployment descriptor."
This was first published in October 2005
Join the conversationComment
Share
Comments
Results
Contribute to the conversation