tomcat-users mailing list archives

From "Robert L Sowders" <rsowd...@usgs.gov>
Subject Re: Security RISK !
Date Wed, 23 Oct 2002 07:00:51 GMT
This doesn't really pose a problem with a correctly configured connector
that is set up to handle all *.jsp and servlet requests.

rls





Nikola Milutinovic <Nikola.Milutinovic@ev.co.yu>
10/22/2002 11:00 PM
Please respond to "Tomcat Users List"

 
        To:     Tomcat Users List <tomcat-user@jakarta.apache.org>
        cc: 
        Subject:        Re: Security RISK !

Sigurður Bjarnason wrote:
> Hi all
> 
> The question is.. is there any security risk if I Have the Apache DocumentRoot
> pointing straight to the webapps folder ?!

First of all, Apache cannot handle JSPs and has no knowledge of Servlets.
Second, if both Apache and Tomcat-via-connector access the same dir, won't there
be a confusion? Third, yes, it is a security risk, since not only protection in
Tomcat is bypassed, but Apache might display your JSP source.

Nix.


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
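
Added example, not part of the original messages: a Python sketch that walks a webapps tree used as the Apache DocumentRoot and lists the sensitive files Apache would serve itself because no connector mount forwards them to Tomcat. The mount patterns, the sample tree, the `.jspf` suffix and the glob matching (a simplification of the connector's own URL matching) are assumptions.

```python
import fnmatch
import os
import tempfile

# Assumed connector mounts (JkMount-style URL patterns); constructed for this example.
MOUNTS = ["/*.jsp", "/servlet/*"]

def forwarded(url, mounts):
    """True if a mount pattern sends this URL to Tomcat (simplified glob match)."""
    return any(fnmatch.fnmatchcase(url, m) for m in mounts)

def classify(url):
    """Reason a statically served file is sensitive, or None for ordinary content."""
    parts = [p.upper() for p in url.split("/")]
    if "WEB-INF" in parts or "META-INF" in parts:
        return "protected by Tomcat only"
    if url.lower().endswith((".jsp", ".jspf")):  # .jspf: assumed include-fragment suffix
        return "JSP source"
    return None

def audit(docroot, mounts):
    """Map URL path -> reason for sensitive files Apache would serve itself."""
    findings = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            url = "/" + rel.replace(os.sep, "/")
            reason = classify(url)
            if reason and not forwarded(url, mounts):
                findings[url] = reason
    return findings

def build_sample(root):
    """Create a constructed webapps tree (all file names are made up)."""
    for rel in ("shop/index.jsp", "shop/header.jspf", "shop/logo.gif",
                "shop/WEB-INF/web.xml", "shop/WEB-INF/classes/db.properties"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for url, reason in sorted(audit(root, MOUNTS).items()):
            print(f"{url}: {reason}")
```

Anything the audit reports needs either a mount that forwards it to Tomcat or an explicit deny rule in the Apache configuration.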






