tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Tkachenko <>
Subject security problem, 4.04
Date Wed, 26 Jun 2002 13:08:18 GMT

I have some security problem on my web hosting using tomcat 4.04. It seems to 
me java classes loaded from WEB-INF/classes has much more permissions than 
those loaded from jars in WEB-INF/lib. My hosting admin said my policy is

grant codeBase "file:/home/virtual/site16/fst/var/www/html/-" {
     permission "*", "connect";
     permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "";
permission "/home/virtual/site16/fst/var/www/html/-",


My WEB-INF directory is inside /home/virtual/site16/fst/var/www/html at the 
server. Servlet from WEB-INF/classes able to read system properies, but the 
same servlet being jared to WEB-INF/lib is not able. How can one grant the 
same permissions to both classes and lib dirs?

Oleg Tkachenko
Multiconn International Ltd, Israel

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message