Browsed by
Category: Java

Server-side upload verification with Taffy and Lucee

I was dismayed to learn recently that every image upload process I had ever developed before now was vulnerable to improper file uploads. Like many developers, I used the HTML <input type="file"> type form fields to allow users to upload images. I made sure to restrict (I thought) those uploads to just images, but it turns out that a lot of the “security” around image uploads is based on nothing more than the file extension or, even worse, on the…

Methods to address a slow Tomcat/Railo/Lucee startup

Recently my technicians and I encountered an issue with a hosting customer who had an interesting situation between two VPS accounts that he owns. The first VPS had a relatively quick startup time (under a minute), and the second VPS had an extremely slow startup time (above 5 minutes). Both VMs were relatively similar, and both served a great number of sites. The following are the two options that corrected the issue: OPTION 1 Set property in TOMCAT_HOME/conf/catalina.properties: org.apache.catalina.startup.ContextConfig.jarsToSkip=*.jar This…

Railo/Lucee CGI remote_addr/remote_host says 127.0.0.1

When installed onto a Linux/Apache machine, the Railo installers will install mod_proxy_http as the default connector for Apache to Tomcat/Railo. The result is the same as you’d get with any other proxy, where the remote host is replaced with the address of the proxy (in this case 127.0.0.1) and the original requester’s IP address is placed in the “X-Forwarded-For” header. If you need to find the original requester’s IP address you can accomplish this in one of two easy…
