This doesn't really pose a problem with a correctly configured connector
that is setup to handle all *.jsp and servlet requests.
rls
Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>
10/22/2002 11:00 PM
Please respond to "Tomcat Users List"
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
cc:
Subject: Re: Security RISK !
SigurĂ°ur Bjarnason wrote:
> Hi all
>
> The question is.. is there any security risk if I Have the Apache
DocumentRoot
> pointing straight to the webapps folder ?!
First of all, Apache cannot handle JSPs and has no knowledge of Servlets.
Second, if both Apache and Tomcat-via-connector access the same dir, won't
there
be a confusion? Third, yes, it is a security risk, since not only
protection in
Tomcat is bypassed, but Apache might display your JSP source.
Nix.
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
--
To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
|