|
¾È³çÇϼ¼¿ä
Ãë¾àÁ¡ Á¶Ä¡ ÁßÀε¥.. ÈÄ..
¾î¶»°Ô ¼ÕÀ» ´ë¾ßµÉÁö ¸ð¸£°Ú¾î¼ µµ¿ò ¿äû µå¸³´Ï´Ù
¼¹ö ȯ°æ
IIS 5.0 + Tomcat 5.5
( IIS ¿Í ÅèÄÏÀº ÀÚÄ«¸£Å¸·Î ¿¬°áµÇ¾î ÀÖ½À´Ï´Ù. )
°³¹ß¾ð¾î
JSP
Ãë¾àÁ¡ À¯Çü
Macromedia JRun ¼Ò½º ÄÚµå À¯Ãâ
´ÙÁß º¥´õ Java ¼ºí¸´ ¼Ò½º ÄÚµå À¯Ãâ
Á¢±Ù¹æ¹ý
1. .JSP ( ´ë¹®ÀÚ )
2. .jsp%c0%80
À§ Á¢±Ù¹æ¹ýÀ¸·Î Á¢¼ÓÇÏ°Ô µÇ¸é ¼Ò½º Äڵ尡 ³ëÃâµÇ¾î
±×°ÍÀ» ¸·´Â ¹æ¹ýÀ» ã°í ÀÖ½À´Ï´Ù.
Âü°í URL
http://blog.naver.com/PostView.nhn?blogId=jkfirst&logNo=120174457703&redirect=Dlog&widgetTypeCall=true
=================================================================================
2. .JSP Á¢±Ù ¹æ¹ý ½Ãµµ ÇÑ°ÍÀÔ´Ï´Ù.
³»¿ë : tomcat web.xml ¼³Á¤¿¡ Ãß°¡ ½Ãµµ
°á°ú : ¸·È÷Áö ¾Ê¾Ò½À´Ï´Ù.
<security-constraint>
<display-name>JSP Protection</display-name>
<web-resource-collection>
<web-resource-name>SecureJSPPages</web-resource-name>
<url-pattern>*.JSP</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>nobody</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>
Nobody should be in this role so JSP files are protected
from direct access.
</description>
<role-name>nobody</role-name>
</security-role>
| 
µî·Ï¾È³»
µî·Ï¾È³»