tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RE: Deny web-inf access (security problem)
Date Tue, 19 Dec 2000 23:57:58 GMT
Set up a directory outside your tomcat directory to contain java class
files, and include that directory in your classpath.  Keep it outside of
your Apache directory as well.

-----Original Message-----
From: Paul Gonin []
Sent: Tuesday, December 19, 2000 2:02 PM
Subject: Deny web-inf access (security problem)


I have a JSP that uses a bean. It uses the following directory structure :

It works fine but I am annoyed that people can download the bean directly
and "access" its content because it contains critical information

How do I protect my bean and more generraly I'd like to protect the whole
web-inf directory (if it's possible)

Note : I'm using Tomcat standalone.


View raw message