Return-Path: Mailing-List: contact cocoon-dev-help@xml.apache.org; run by ezmlm Delivered-To: mailing list cocoon-dev@xml.apache.org Received: (qmail 23412 invoked from network); 27 Mar 2000 08:18:48 -0000 Received: from 220-49-22-12.user.darwin.net (HELO relativity.yi.org) (root@12.22.49.220) by locus.apache.org with SMTP; 27 Mar 2000 08:18:48 -0000 Received: from relativity.yi.org (IDENT:root@relativity.yi.org [127.0.2.1]) by relativity.yi.org (8.9.3/8.8.7) with ESMTP id MAA31088 for ; Sun, 26 Mar 2000 12:18:19 -0800 Sender: root@relativity.yi.org Message-ID: <38DE7089.E72E6AD6@relativity.yi.org> Date: Sun, 26 Mar 2000 12:18:17 -0800 From: "Kevin A. Burton" X-Mailer: Mozilla 4.7 [en] (X11; I; Linux 2.2.12 i686) X-Accept-Language: en MIME-Version: 1.0 To: cocoon-dev@xml.apache.org Subject: Re: XSP and file:// <-- Security issues? References: <3390FF2B0DE0D21183B30008C70D751A022D17AE@SAGEMSG0003.sagemsmrd01.sa.gov.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N "Stevenson, Chris (SSABSA)" wrote: > > > I am having trouble getting the XSP logicsheets located with file:// > > file://C:/java/jakarta-tomcat/webapps/ROOT/XSL/JavaXML.xsp.xsl > > Unknown host: C: > > Forgive me if this is a naive question, but are there any rules > for which file:/// urls are accessible from within cocoon? > > For example: suppose I am an ISP wanting to run Apache and > make tomcat available for my clients to run their own webapps. > > They can drop their apps into a public_webapp directory, and > tomcat automatically loads them. Right. This is standard security stuff and not really Cocoon related. If you do somethign stupid like running Cocoon as root this will happen. Run it as a regular user. Then tighten down security. Kevin -- Kevin A Burton (burton@apache.org) http://relativity.yi.org Message to SUN: "Please Open Source Java!" "For evil to win is for good men to do nothing."