[richfaces-issues] [JBoss JIRA] Commented: (RF-6525) rich:fileUpload createTempfiles directory should be made configurable.
Laura Bailey (JIRA)
jira-events at lists.jboss.org
Thu Jun 10 01:46:38 EDT 2010
[ https://jira.jboss.org/browse/RF-6525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12534863#action_12534863 ]
Laura Bailey commented on RF-6525:
----------------------------------
Documented as a known issue in the WFK 1.1 release notes:
When the <classname>rich:fileUpload</classname> control's <varname>createTempFile</varname>
is set to <literal>true</literal>, temp files are created in
<filename><replaceable>$INSTALL_DIR</replaceable>/temp</filename>. Previously this was
not configurable, and posed a security risk because the files would not be deleted
until application restart. The temp directory's location and behavior is now configurable.
> rich:fileUpload createTempfiles directory should be made configurable.
> ----------------------------------------------------------------------
>
> Key: RF-6525
> URL: https://jira.jboss.org/browse/RF-6525
> Project: RichFaces
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Affects Versions: 3.3.0
> Environment: All
> Reporter: sathya sayee
> Assignee: Konstantin Mishin
> Fix For: 3.3.4.BETA1, ENT_3.3.1.SP2
>
>
> rich:fileUpload control's createTempFile can be configured as init-param in web.xml.
> The real problem is when createTempfile is true, the temp files in linux environment gets created in the <tomcat installation directory>/temp. This should be configurable and poses a security risk since the temp files do not even get deleted until the application is restarted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the richfaces-issues
mailing list