tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roland" <>
Subject Re: Limits on the size of the web.xml file?
Date Mon, 03 Sep 2001 19:37:17 GMT
> The details *vastly* depend on how your app is put together, but it isn't
> all that complicated to figure out.
> Consider that you might have the mailboxes for a particular user defined
> in a database table called "mailboxes", with columns "username" and
> "mailboxname".  It would be easy to construct an SQL statement like this:
>   select mailboxname from mailboxes
>     where username = xxx

Ok, having Data in the database is fine. But what if we also have image
data? We will store Charts and things like that. I think it would be easier
to create a directory for each user(maybe I'm wrong). It is possible to
store images in a mysql database but I think its not as easy as text data.
And then we will have to create a HTML page from that image data and send it
to the user.
To put the question more simply: is it possible to create a directory for
each user and prevent other users from accessing it? If every standard user
has the same role how can this be done? I had the idea of letting no one
acess the user directories. Then the jsp pages would take the info from the
user directories according to the user that is logged in. That would bring
up the question how can I make the jsp page access directories that are not
accessible to the user. I posted this question in the newsgroup but had no
good answer. One guy made the suggestion to read the file with
FileInputStreams and pass it on to the browser, but I think this would be
very hard to implement.

> and replace xxx by the value returned from request.getRemoteUser().  This
> would allow the user access *only* to his or her own mailboxes.
> I'm assuming that you are *not* allowing users to upload their own
> servlets or JSP pages, so they can only access what your app allows.  If
> this is not true, all bets are off (and I wouldn't ever trust your server
> with my mail messages anyway :-).

NO, of course not :)

View raw message