tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Deny web-inf access (security problem)
Date Thu, 21 Dec 2000 18:25:03 GMT
Paul Gonin wrote:

> Hi,
>
> I have a JSP that uses a bean. It uses the following directory structure :
>     webapps/myapply/myapply.jsp
>     webapps/myapply/web-inf/classes/mybean.class
>
> It works fine but I am annoyed that people can download the bean directly
> and "access" its content because it contains critical information
> (passwords).
>
> How do I protect my bean and more generraly I'd like to protect the whole
> web-inf directory (if it's possible)
>
> Note : I'm using Tomcat standalone.
>

Tomcat protects the WEB-INF directory for you.  This is required by the servlet
specification.

>
> Thanks

Craig McClanahan

Mime
View raw message