MyEclipse Forums
This thread has been locked & this forum has been archived.
Please post new topics to General Development
View previous topic Printable version Log in to check your private messages View next topic
Author Message
balanceofpower
Post subject: Security Risk MyEclipse Maven Tomcat 7.0.23 Exploded Deploy  PostPosted: Mar 05, 2012 - 05:55 PM
Registered Member
Registered Member


Joined: Mar 10, 2005
Posts: 286

I can finally report that I have traced ONE instance (repeatable) that causes extraneous files to be dumped into the webapps area of Tomcat 7.

This is probably a security risk too as one of the files is persistance.xml with passwords!

With a Maven project that has been exploded deployed simply start MyEclipse from scratch (possibly with -clean) and force a save of the pom.xml and the pom.xml file will be put into base webapps directory.

I check the webapps folder a lot now to see if MyEclipse has bunged files in there...

Sometime it can be a LOT of config files and this gives some very strange errors.

I hope you manage to repeat at your end as it may show up why all the others end up in there too!

:)

UPDATE: Also does it for:
import.sql
messages.properties
orchestration.xml
...


UPDATE:
They also get bunged in the base area of the project too it seems.
 
 View user's profile Send private message  
Reply with quote Back to top
balanceofpower
Post subject:   PostPosted: Mar 05, 2012 - 06:02 PM
Registered Member
Registered Member


Joined: Mar 10, 2005
Posts: 286

In fact.. when you first start up it seems all the files get dumped in there...
 
 View user's profile Send private message  
Reply with quote Back to top
balanceofpower
Post subject:   PostPosted: Mar 05, 2012 - 06:03 PM
Registered Member
Registered Member


Joined: Mar 10, 2005
Posts: 286

This should be in Bugs I guess (Sorry).
 
 View user's profile Send private message  
Reply with quote Back to top
balanceofpower
Post subject:   PostPosted: Mar 16, 2012 - 02:16 AM
Registered Member
Registered Member


Joined: Mar 10, 2005
Posts: 286

Please move to bugs...
 
 View user's profile Send private message  
Reply with quote Back to top
Support-Brian
Post subject:   PostPosted: Mar 18, 2012 - 09:49 PM
Moderator
Moderator


Joined: Aug 21, 2004
Posts: 2583

Tony,

Sorry, didn't notice this post earlier. Can you give me a few additional details on the structure of the application you are deploying? Are you deploying a single Maven web project or is this an EAR with a web module? Does the web project have any dependent Java projects?

The extra files that are being copied into the deploy root, which project and location are they originally from? You mentioned they get bunged int eh base area of the project - so I assume they were not in the root of the project to start with.

Do you have Deployment Assembly enabled for your web project? Got to project properties > MyEclipse > Deployment Assembly - is it enabled? If so, can you enumerate the mappings that are listed there?

_________________
Brian
MyEclipse Support
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
balanceofpower
Post subject:   PostPosted: Mar 18, 2012 - 10:10 PM
Registered Member
Registered Member


Joined: Mar 10, 2005
Posts: 286

Quote:
Are you deploying a single Maven web project or is this an EAR with a web module? Does the web project have any dependent Java projects?

Single war project; no dependent projects


Quote:
The extra files that are being copied into the deploy root, which project and location are they originally from

Same project

Quote:
You mentioned they get bunged int eh base area of the project - so I assume they were not in the root of the project to start with.

They are just boilerplate code from the various areas that need to be setup in a JSF/Maven project (e.g. src/main/resource)

Quote:
Do you have Deployment Assembly enabled for your web project? Got to project properties > MyEclipse > Deployment Assembly - is it enabled? If so, can you enumerate the mappings that are listed there?
 
 View user's profile Send private message  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT - 6 Hours
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.
View previous topic Printable version Log in to check your private messages View next topic
Powered by PNphpBB2 © 2003-2004 The PNphpBB Group
Credits