HTTPAllowDecodedUrlPercent

Anyone know anything about the ini parameter:

HTTPAllowDecodedUrlPercent=1

We found this:

We are trying to figure out how much of an issue this is, and whether it might be a bad thing to enable. I’m trying to figure out what it really exposes on the server, or how it might make our applications more vulnerable.

Anyone know?

Subject: HTTPAllowDecodedUrlPercent

Hi John,

Yes, HTTPAllowDecodedUrlPercent is a parameter which can be set in the notes.ini, and it describes how the Domino HTTP server handles the “%” sign in the URL pattern (parts of the URL).

You should not set this parameter to HTTPAllowDecodedUrlPercent=1.

→ You should program your applications without “%” in the design elements. Then you will never have any issues.

Regards,

The Noldy

Subject: RE: HTTPAllowDecodedUrlPercent

Thanks!

This isn’t about our application architecture, it is about attachments with the % character in the file names.