tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Writing exception trace to a file
Date Tue, 02 May 2000 16:13:53 GMT
"Hubbard, Charles (ISSAtlanta)" wrote:

> You can use the getPathTranslated() method or the getRealPath(string) method
> in the request object to get the path where the servlet/jsp exists on the
> local file system.  Then you can open up a file in that directory and write
> it out.  The only problem with this approach is that someone could request
> the exception trace file through the webserver which could give an attacker
> very particular information about how your app works.
>
> charlie
>

To avoid inadvertent requests of your trace logs, one option would be to store
the trace file under the "WEB-INF" directory, which the servlet container is
expressly prohibited from serving via requests.  You could do something like
this:

    String tracePathname =
getServletContext().getRealPath("/WEB-INF/tracefile.txt");
    PrintWriter traceWriter = new PrintWriter(new FileWriter(tracePathname));
    traceWriter.println(...);

Craig McClanahan


>
> -----Original Message-----
> From: Chris Howard [mailto:choward@asgna.com]
> Sent: Tuesday, May 02, 2000 6:43 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Writing exception trace to a file
>
> I'm trying to write the exception trace to a file.  I want the file to be
> appended to the same debug file that is located in the same directory as the
> jsp file is located.  Tomcat defaults the path for printwriter to the
> tomcat/bin directory.  How can I write the file to the directory where the
> jsp file is located?
>
> Cheers,
> Chris
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org
>
> --------------------------------------------------------------------------
> To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commmands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message