cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. Burton" <bur...@relativity.yi.org>
Subject Re: XSP and file:// <-- Security issues?
Date Sun, 26 Mar 2000 20:18:17 GMT
"Stevenson, Chris (SSABSA)" wrote:
> 
> > I am having trouble getting the XSP logicsheets located with file://
> > file://C:/java/jakarta-tomcat/webapps/ROOT/XSL/JavaXML.xsp.xsl
> > Unknown host: C:
> 
> Forgive me if this is a naive question, but are there any rules
> for which file:/// urls are accessible from within cocoon?
> 
> For example: suppose I am an ISP wanting to run Apache and
> make tomcat available for my clients to run their own webapps.
> 
> They can drop their apps into a public_webapp directory, and
> tomcat automatically loads them.
<snip>

Right.  This is standard security stuff and not really Cocoon related. 
If you do somethign stupid like running Cocoon as root this will
happen.  Run it as a regular user.  Then tighten down security.

Kevin

-- 
Kevin A Burton (burton@apache.org)
http://relativity.yi.org
Message to SUN:  "Please Open Source Java!"
"For evil to win is for good men to do nothing."

Mime
View raw message