tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <>
Subject Re: Security RISK !
Date Wed, 23 Oct 2002 06:00:08 GMT
SigurĂ°ur Bjarnason wrote:
> Hi all
> The question is.. is there any security risk if I Have the Apache DocumentRoot
> pointing straight to the webapps folder ?!

First of all, Apache cannot handle JSPs and has no knowledge of Servlets. 
Second, if both Apache and Tomcat-via-connector access the same dir, won't there 
be a confusion? Third, yes, it is a security risk, since not only protection in 
Tomcat is bypassed, but Apache might display your JSP source.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message