tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@bbo.com
Subject RE: Deny web-inf access (security problem)
Date Tue, 19 Dec 2000 23:57:58 GMT
Set up a directory outside your tomcat directory to contain java class
files, and include that directory in your classpath.  Keep it outside of
your Apache directory as well.

-----Original Message-----
From: Paul Gonin [mailto:pgonin@cs.uno.edu]
Sent: Tuesday, December 19, 2000 2:02 PM
To: tomcat-user@jakarta.apache.org
Subject: Deny web-inf access (security problem)


Hi, 

I have a JSP that uses a bean. It uses the following directory structure :
    webapps/myapply/myapply.jsp
    webapps/myapply/web-inf/classes/mybean.class

It works fine but I am annoyed that people can download the bean directly
and "access" its content because it contains critical information
(passwords). 

How do I protect my bean and more generraly I'd like to protect the whole
web-inf directory (if it's possible)

Note : I'm using Tomcat standalone.

Thanks 

Mime
View raw message