tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: permission on server.xml
Date Sun, 29 Oct 2006 20:13:46 GMT
> From: mast [mailto:master@tyranz.com] 
> Subject: permission on server.xml
> 
> Hi, one question i think
> exemple we run java with user and group www
> server.xml need to be readable for tomcat to work, but each 
> user that have access to a tomcat account can also read it 
> with a simple jsp code how can we prevent that ? (or tomcat-user.xml)

How would that "simple jsp code" get into your webapps?  Do you allow
any user to dump arbitrary code into your system?

BTW, tomcat-users.xml must also be writeable by Tomcat.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message