tomcat-dev mailing list archives

From Larry Isaacs <Larry.Isa...@sas.com>
Subject RE: Unsafe path ?
Date Tue, 13 Mar 2001 14:44:31 GMT
David,

For security, web applications aren't allowed to access files outside
of the web application.  That is why /WEB-INF/../env.xml is okay
and /WEB-INF/../../env.xml isn't.

Larry

-----Original Message-----
From: David Soroko [mailto:davids@mannanetwork.com]
Sent: Tuesday, March 13, 2001 7:53 AM
To: tomcat-dev@jakarta.apache.org
Subject: Unsafe path ?


Hi all 
From within a servlet I am trying to read a file in the following way 
    getServletContext().getResourceAsStream(getInitParameter("envFile")); 
When the parameter envFile has the value /WEB-INF/../../env.xml    
I am getting the following message from Tomcat: 
    Unsafe path D:\Jupiter\tomcat\webapps\dir1\dir2\dir3 /WEB-INF/../../env.xml    
Any ideas why is that? 
Interestingly, when the parameter envFile has the value /WEB-INF/../env.xml    
Tomcat has no problems reading the file. 
This is on Tomcat 3.2/Wintel. 
TIA 
-- 
============================================ 
David Soroko 
mailto:davids@mannanetwork.com 
http://www.geocities.com/SiliconValley/Campus/1628/ 
Group Manager, Core Technologies 
Manna Inc. 
============================================ 
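
The containment rule Larry describes, as an added example that is not part of the original thread and is not Tomcat's own code: resolve the context-relative path segment by segment and reject it as soon as a ".." would climb above the web application root. The class and method names are hypothetical, and the last two sample paths are constructed.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class ContextPathCheck {

    /**
     * Resolves a context-relative path such as "/WEB-INF/../env.xml" segment
     * by segment. Returns the normalized path, or null if any ".." would
     * climb above the web application root.
     */
    static String normalizeWithinContext(String path) {
        if (path == null || !path.startsWith("/")) {
            return null; // context-relative resource paths start with "/"
        }
        Deque<String> stack = new ArrayDeque<>();
        // Treat backslashes as separators too, since the thread is on Windows.
        for (String seg : path.replace('\\', '/').split("/")) {
            if (seg.isEmpty() || seg.equals(".")) {
                continue;            // "//" and "/./" do not change the location
            }
            if (seg.equals("..")) {
                if (stack.isEmpty()) {
                    return null;     // already at the root: this step escapes it
                }
                stack.removeLast();  // step back up one directory
            } else {
                stack.addLast(seg);  // step down into a directory or file
            }
        }
        return "/" + String.join("/", stack);
    }

    public static void main(String[] args) {
        String[] samples = {
            "/WEB-INF/../env.xml",                 // from the thread
            "/WEB-INF/../../env.xml",              // from the thread
            "/WEB-INF/./classes/../../../env.xml", // constructed
            "/a/b/../../c/../env.xml"              // constructed
        };
        for (String s : samples) {
            String n = normalizeWithinContext(s);
            System.out.println(s + " -> "
                    + (n == null ? "rejected (escapes root)" : n));
        }
    }
}
```

The check works on the depth at each step rather than on the final string, so a path is rejected even when later segments would bring it back inside the root.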