tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert L Sowders" <>
Subject Re: Security RISK !
Date Wed, 23 Oct 2002 07:00:51 GMT
This doesn't really pose a problem with a correctly configured connector 
that is setup to handle all *.jsp and servlet requests.


Nikola Milutinovic <>
10/22/2002 11:00 PM
Please respond to "Tomcat Users List"

        To:     Tomcat Users List <>
        Subject:        Re: Security RISK !

SigurĂ°ur Bjarnason wrote:
> Hi all
> The question is.. is there any security risk if I Have the Apache 
> pointing straight to the webapps folder ?!

First of all, Apache cannot handle JSPs and has no knowledge of Servlets. 
Second, if both Apache and Tomcat-via-connector access the same dir, won't 
be a confusion? Third, yes, it is a security risk, since not only 
protection in 
Tomcat is bypassed, but Apache might display your JSP source.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message