cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Per Kreipke" <...@onclave.com>
Subject RE: Security: cocoon.properties?
Date Fri, 22 Sep 2000 16:29:42 GMT
I'd already tried that, I get:

java.io.FileNotFoundException: D:\tomcat\webapps\samples\cocoon.properties
(The system cannot find the file specified)
	at java.io.FileInputStream.open(Native Method)
	at java.io.FileInputStream.(FileInputStream.java:64)
	at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:6
9)
	at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection
.java:133)
	at org.apache.cocoon.Cocoon.init(Cocoon.java:123)
	at
org.apache.tomcat.core.ServletWrapper.initServlet(ServletWrapper.java:315)
	at
org.apache.tomcat.core.ServletWrapper.handleRequest(ServletWrapper.java:445)
	at org.apache.tomcat.core.ContextManager.service(ContextManager.java:559)
	at
org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC
onnectionHandler.java:160)
	at
org.apache.tomcat.service.TcpConnectionThread.run(SimpleTcpEndpoint.java:338
)
	at java.lang.Thread.run(Thread.java:484)

> >Using the following setup, I can request cocoon.properties and see its
> >contents because it seems that Tomcat wants the cocoon.properties file in
> >each web application directory.
> >
> >- am I doing something wrong?
>
> Yes, put it in a WEB-INF directory, then web users will not be
> able to see
> it. This is defined in the Servlet Spec I believe.
>
> >- is this a security problem in the making?
>
> No. :)

Understood, if it works the way you describe, it'd be ok.

p.s. can't I have just one for the whole Tomcat install instead of one per
webapp?


Mime
View raw message