tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From QM <qm...@brandxdev.net>
Subject Re: Reject access to some files
Date Mon, 13 Jun 2005 10:48:34 GMT
On Mon, Jun 13, 2005 at 06:57:21AM +0200, Rene Guenther wrote:
: how to reject access to files? E.g. I got property files and war files in my
: root directory and I they must not be readable via HTTP Request.

Use a servlet filter.

Also, you received some sage advice from another poster: put your
properties files, or anything else you don't want served to clients,
under WEB-INF. 

I don't have the servlet spec in front of me right now, but I'm pretty
sure it mandates that compliant containers don't (directly) serve files
out of WEB-INF to clients.


So you could use a filter as a holdover, then move your files under
WEB-INF.


(As a side note, how are you loading these properties files?  If you put
them under WEB-INF/classes, you can use the classloader...)

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message