tomcat-users mailing list archives

From Mikolaj Rydzewski <>
Subject Re: Security restrictions for Tomcat
Date Wed, 26 Sep 2007 06:34:51 GMT
alla winter wrote:
> My application can create a report on the fly (a file) for authorized
> clients. The client authentication is conducted by the application and
> Tomcat is not involved in this process. Other clients may create a file in
> the same directory, but the application will show the links only to the
> files that were created by this particular user (the userID is a part of
> the file name). How can I ensure that others cannot view this file by just
> typing the URL in the browser and list all the files under this directory?
Just do not create files in a world-readable directory. Store files
somewhere outside the application directory and display them with some kind
of dispatcher servlet.

Mikolaj Rydzewski <>
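
The dispatcher-servlet approach suggested in the reply above, sketched as an added example that is not part of the original message. The report directory, the `userId` session attribute, the `name` request parameter and the `<userId>_<report>.pdf` naming scheme are assumptions, as is the use of the `javax.servlet` API with `java.nio.file` (Java 7 or later).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: serves reports stored outside the web application directory.
public class ReportDispatcherServlet extends HttpServlet {
    // Assumed location outside the webapp root, so no URL maps to it directly
    // and no directory listing can expose it.
    private static final Path REPORT_DIR = Paths.get("/var/lib/myapp/reports");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The application authenticates users itself; it is assumed to store
        // the authenticated user's ID in the session under "userId".
        HttpSession session = req.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("userId");
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Accept only "<alphanumeric id>_<report>.pdf": exactly one underscore,
        // no path separators and no "..", so the owner prefix is unambiguous.
        String name = req.getParameter("name");
        if (name == null || !name.matches("[A-Za-z0-9]+_[A-Za-z0-9-]+\\.pdf")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Ownership check: the file name must start with the caller's own ID.
        // Defence in depth: the resolved path must still be inside REPORT_DIR.
        Path file = REPORT_DIR.resolve(name).normalize();
        if (!name.startsWith(userId + "_")
                || !file.startsWith(REPORT_DIR)
                || !Files.isRegularFile(file)) {
            // Same answer for "not yours" and "does not exist".
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/pdf");
        resp.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        Files.copy(file, resp.getOutputStream());
    }
}
```

The links the application shows would then point at this servlet's mapped URL with the report name as a parameter, rather than at a file path under the web application.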
