|
According to the Tomcat 5.0 release notes:
"Having CGI and SSI available to web applications created security problems when using a security manager (as a malicious Web application could use them to sidestep the security manager access control). In Tomcat 5.0, they have been disabled by default, as our goal is to provide a fully secure default configuration. However, CGI and SSI remain available.
To enable CGI:
- rename the file $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA_HOME/server/lib/servlets-cgi.jar.
- in $CATALINA_HOME/conf/web.xml, you will need to uncomment 2 areas, the servlet declaration and the servlet mapping. The servlet declaration looks similar to this:
<servlet>
<servlet-name>cgi</servlet-name>
...
</servlet>
While the servlet mapping looks similar to this:
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>
Alternately, these servlet declarations and mappings can be added to your Web application deployment descriptor.
To enable SSI:
- * rename the file $CATALINA_HOME/server/lib/servlets-ssi.renametojar to $CATALINA_HOME/server/lib/servlets-ssi.jar.
- in $CATALINA_HOME/conf/web.xml, you will need to uncomment 2 areas, the servlet declaration and the servlet mapping. The servlet declaration looks similar to this:
<servlet>
<servlet-name>ssi</servlet-name>
...
</servlet>
While the servlet mapping looks similar to this:
<servlet-mapping>
<servlet-name>ssi</servlet-name>
<url-pattern>*.shtml</url-pattern>
</servlet-mapping>
Alternately, these servlet declarations and mappings can be added to your Web application deployment descriptor."
|
