cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <d...@yahoo.com>
Subject RE: Security: cocoon.properties?
Date Fri, 22 Sep 2000 17:46:37 GMT
Per,

After moving the cocoon.properties to WEB-INF, your web.xml should specify cocoon.properties
as
follows:

        <param-name>
            properties
        </param-name>
        <param-value>
            WEB-INF/cocoon.properties
        </param-value>

Thanks,
dims

--- Per Kreipke <per@onclave.com> wrote:
> I'd already tried that, I get:
> 
> java.io.FileNotFoundException: D:\tomcat\webapps\samples\cocoon.properties
> (The system cannot find the file specified)
> 	at java.io.FileInputStream.open(Native Method)
> 	at java.io.FileInputStream.(FileInputStream.java:64)
> 	at
> sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:6
> 9)
> 	at
> sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection
> .java:133)
> 	at org.apache.cocoon.Cocoon.init(Cocoon.java:123)
> 	at
> org.apache.tomcat.core.ServletWrapper.initServlet(ServletWrapper.java:315)
> 	at
> org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWrapper.java:445)
> 	at org.apache.tomcat.core.ContextManager.service(ContextManager.java:559)
> 	at
> org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC
> onnectionHandler.java:160)
> 	at
> org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.java:338
> )
> 	at java.lang.Thread.run(Thread.java:484)
> 
> > >Using the following setup, I can request cocoon.properties and see its
> > >contents because it seems that Tomcat wants the cocoon.properties file in
> > >each web application directory.
> > >
> > >- am I doing something wrong?
> >
> > Yes, put it in a WEB-INF directory, then web users will not be
> > able to see
> > it. This is defined in the Servlet Spec I believe.
> >
> > >- is this a security problem in the making?
> >
> > No. :)
> 
> Understood, if it works the way you describe, it'd be ok.
> 
> p.s. can't I have just one for the whole Tomcat install instead of one per
> webapp?
> 


__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

Mime
View raw message