tomcat-users mailing list archives

From Mikolaj Rydzewski <m...@ceti.pl>
Subject Re: Security restrictions for Tomcat
Date Wed, 26 Sep 2007 06:34:51 GMT
alla winter wrote:
> My application can create a report on the fly (a file) for authorized
> clients. The client authentication is conducted by the application and
> Tomcat is not involved in this process. Other clients may create a file in
> the same directory, but the application will show the links only to the
> files that were created by this particular user (the userID is a part of
> the file name). How can I ensure that others cannot view this file by just
> typing the URL in the browser and list all the files under this directory?
>   
Just do not create files in a world-readable directory. Store files
somewhere outside the application directory and display them with some kind
of dispatcher servlet.

-- 
Mikolaj Rydzewski <miki@ceti.pl>
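
A sketch of the dispatcher servlet suggested in the reply, added here as an example and not part of the original message or of Tomcat itself. The report directory, the `/reports/*` mapping, the `userId` session attribute and the `<userId>_<report>` file naming are all assumptions; because the servlet only ever returns a single named file, there is no directory listing to browse.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Map in web.xml to e.g. /reports/* (assumed mapping).
public class ReportDispatcherServlet extends HttpServlet {
    // Assumed location outside the webapp, so Tomcat never serves it directly.
    private static final Path REPORT_DIR = Paths.get("/var/lib/myapp/reports");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The application's own login is assumed to store the user ID in the session.
        HttpSession session = req.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute("userId");
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String pathInfo = req.getPathInfo();            // "/<file name>" or null
        String name = (pathInfo == null) ? "" : pathInfo.substring(1);
        // Accept a plain file name only: no path separators, no "..".
        if (!name.matches("[A-Za-z0-9._-]+") || name.contains("..")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Ownership check against the assumed naming scheme "<userId>_<report>".
        // Assumes user IDs never contain '_', otherwise "a" would match "a_b_...".
        // 404 rather than 403, so the response does not confirm the file exists.
        if (!name.startsWith(userId + "_")) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Second line of defence: the resolved path must stay inside REPORT_DIR.
        Path file = REPORT_DIR.resolve(name).normalize();
        if (!file.startsWith(REPORT_DIR) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/octet-stream");
        resp.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        resp.setContentLengthLong(Files.size(file));
        Files.copy(file, resp.getOutputStream());
    }
}
```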

