tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <Nikola.Milutino...@ev.co.yu>
Subject Re: Security RISK !
Date Wed, 23 Oct 2002 06:00:08 GMT
SigurĂ°ur Bjarnason wrote:
> Hi all
> 
> The question is.. is there any security risk if I Have the Apache DocumentRoot
> pointing straight to the webapps folder ?!

First of all, Apache cannot handle JSPs and has no knowledge of Servlets. 
Second, if both Apache and Tomcat-via-connector access the same dir, won't there 
be a confusion? Third, yes, it is a security risk, since not only protection in 
Tomcat is bypassed, but Apache might display your JSP source.

Nix.


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message