facebook

Security Risk MyEclipse Maven Tomcat 7.0.23 Exploded Deploy

  1. MyEclipse Archived
  2.  > 
  3. Bugs
Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #323962 Reply

    Tony Herstell
    Participant

    I can finally report that I have traced ONE instance (repeatable) that causes extraneous files to be dumped into the webapps area of Tomcat 7.

    This is probably a security risk too as one of the files is persistance.xml with passwords!

    With a Maven project that has been exploded deployed simply start MyEclipse from scratch (possibly with -clean) and force a save of the pom.xml and the pom.xml file will be put into base webapps directory.

    I check the webapps folder a lot now to see if MyEclipse has bunged files in there…

    Sometime it can be a LOT of config files and this gives some very strange errors.

    I hope you manage to repeat at your end as it may show up why all the others end up in there too!

    🙂

    UPDATE: Also does it for:
    import.sql
    messages.properties
    orchestration.xml

    UPDATE:
    They also get bunged in the base area of the project too it seems.

    #323964 Reply

    Tony Herstell
    Participant

    In fact.. when you first start up it seems all the files get dumped in there…

    Attachments:
    You must be logged in to view attached files.
    #323965 Reply

    Tony Herstell
    Participant

    This should be in Bugs I guess (Sorry).

    #324323 Reply

    Tony Herstell
    Participant

    Please move to bugs…

    #324370 Reply

    Brian Fernandes
    Moderator

    Tony,

    Sorry, didn’t notice this post earlier. Can you give me a few additional details on the structure of the application you are deploying? Are you deploying a single Maven web project or is this an EAR with a web module? Does the web project have any dependent Java projects?

    The extra files that are being copied into the deploy root, which project and location are they originally from? You mentioned they get bunged int eh base area of the project – so I assume they were not in the root of the project to start with.

    Do you have Deployment Assembly enabled for your web project? Got to project properties > MyEclipse > Deployment Assembly – is it enabled? If so, can you enumerate the mappings that are listed there?

    #324372 Reply

    Tony Herstell
    Participant

    Are you deploying a single Maven web project or is this an EAR with a web module? Does the web project have any dependent Java projects?

    Single war project; no dependent projects

    The extra files that are being copied into the deploy root, which project and location are they originally from

    Same project

    You mentioned they get bunged int eh base area of the project – so I assume they were not in the root of the project to start with.

    They are just boilerplate code from the various areas that need to be setup in a JSF/Maven project (e.g. src/main/resource)

    Do you have Deployment Assembly enabled for your web project? Got to project properties > MyEclipse > Deployment Assembly – is it enabled? If so, can you enumerate the mappings that are listed there?

    Attachments:
    You must be logged in to view attached files.
Viewing 6 posts - 1 through 6 (of 6 total)
Reply To: Security Risk MyEclipse Maven Tomcat 7.0.23 Exploded Deploy

You must be logged in to post in the forum log in