tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Gonin <pgo...@cs.uno.edu>
Subject Deny web-inf access (security problem)
Date Tue, 19 Dec 2000 19:02:12 GMT
Hi, 

I have a JSP that uses a bean. It uses the following directory structure :
    webapps/myapply/myapply.jsp
    webapps/myapply/web-inf/classes/mybean.class

It works fine but I am annoyed that people can download the bean directly
and "access" its content because it contains critical information
(passwords). 

How do I protect my bean and more generraly I'd like to protect the whole
web-inf directory (if it's possible)

Note : I'm using Tomcat standalone.

Thanks 


Mime
View raw message