tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Security restrictions for Tomcat
Date Wed, 26 Sep 2007 16:36:15 GMT
Hash: SHA1


alla winter wrote:
> Thanks for the quick response.
> So, I want to make sure that understand it right : you are proposing that
> the servlet should  display the file, instead of allowing Tomcat to invoke
> Microsoft Word to disply the file content.

I think you are misunderstanding what is really going on at a
fundamental level. Tomcat will never invoke Microsoft Word for any
reason, unless you have something truly crazy going on in the background.

What I'm suggesting is that you write your own code to serve the
contents of a static file. It's pretty simple: open the file, write the
appropriate HTTP headers, copy the bytes to the servlet output stream,
close all streams, and you are done.

> The only issue with that is that
> the file is created in the RTF format and it has control characters that
> governs the formatting.

This is irrelevant. It doesn't matter if you are serving a text file or
a PDF, you are just serving bytes to the web browser.

> The second question was about how to set up TOMCAT not to allow the
> directory listing

Actually, I think you have to specifically enable directory listings. If
you haven't enabled them, then you shouldn't be getting any. Are you
able to get a directory listing?

- -chris

Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message