tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Larry Isaacs <>
Subject RE: Unsafe path ?
Date Tue, 13 Mar 2001 14:44:31 GMT

For security, web applications aren't allow to access files outside
of the web application.  That is why /WEB-INF/../env.xml is okay
and /WEB-INF/../../env.xml isn't.


-----Original Message-----
From: David Soroko []
Sent: Tuesday, March 13, 2001 7:53 AM
Subject: Unsafe path ?

Hi all 
>From within a servlet I am trying to read a file in the following way 
When the parameter envFile has the value /WEB-INF/../../env.xml    
I am getting the following message from Tomcat: 
    Unsafe path D:\Jupiter\tomcat\webapps\dir1\dir2\dir3 /WEB-INF/../../env.xml    
Any ideas why is that? 
Interestingly, when the parameter envFile has the value /WEB-INF/../env.xml    
Tomcat has no problems reading the file. 
This is on Tomcat 3.2/Wintel. 
David Soroko 
Group Manager, Core Technologies 
Manna Inc. 

To unsubscribe, e-mail:
For additional commands, email:

View raw message