tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Tkachenko <ol...@multiconn.com>
Subject security problem, 4.04
Date Wed, 26 Jun 2002 13:08:18 GMT
Hello!

I have some security problem on my web hosting using tomcat 4.04. It seems to 
me java classes loaded from WEB-INF/classes has much more permissions than 
those loaded from jars in WEB-INF/lib. My hosting admin said my policy is

grant codeBase "file:/home/virtual/site16/fst/var/www/html/-" {
     permission java.net.SocketPermission "*", "connect";
     permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission java.io.FilePermission "/home/virtual/site16/fst/var/www/html/-",
"read,write,delete";


};

My WEB-INF directory is inside /home/virtual/site16/fst/var/www/html at the 
server. Servlet from WEB-INF/classes able to read system properies, but the 
same servlet being jared to WEB-INF/lib is not able. How can one grant the 
same permissions to both classes and lib dirs?

-- 
Oleg Tkachenko
Multiconn International Ltd, Israel


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message