tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Harris <shar...@myra.com>
Subject RE: symbolic links and applications
Date Thu, 06 Nov 2003 22:43:58 GMT
Thanks for the info.

While the developers are looking at the app I've added a simple
url-mapping that redirects the users to a login servlet that keeps them
out of that directory.

Cheers - Steve


On Thu, 6 Nov 2003, Shapira, Yoav wrote:

>
> Howdy,
> It's a problem with your directory structure or your security
> configuration in web.xml, or both.  Perhaps moving the symlink so that
> it's under WEB-INF is enough for your needs.
>
> Yoav Shapira
> Millennium ChemInformatics
>
>
> >-----Original Message-----
> >From: Steve Harris [mailto:sharris@myra.com]
> >Sent: Thursday, November 06, 2003 4:04 PM
> >To: tomcat-user@jakarta.apache.org
> >Subject: symbolic links and applications
> >
> >Hi,
> >
> >I have an application running under tomcat that stores a bunch of files
> in
> >a directory.  In the normal everyday use of the application users login
> to
> >the app and then can get at these files.  However if a user figures out
> >the URL then they can browse directly to the location of the files
> without
> >logging into the application.  BTW the path to the files is a symbolic
> >link in the ...../webapps/app/ directory, pointing to the real location
> of
> >the data.
> >
> >Does anyone have aview whether this is a problem with the application
> >itself or with the tomcat config.
> >
> >
> >Cheers all - Steve
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged.  This e-mail
is intended only for the individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the sender.  Thank you.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message