tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: UserDatabase & security
Date Fri, 18 May 2007 11:14:14 GMT
Jerome Benezech wrote:
> Is there a way to ensure that only the root user can
> read this file ?

Not quite root only but it will meet your requirement...

Run Tomcat under a security manager. That way, webapps don't have
access to files outside the docBase without explicit permissions being
defined.

This also protects from applications calling System.exit() and a host
of other issues.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message