tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "alla winter" <alla1.win...@gmail.com>
Subject Re: Security restrictions for Tomcat
Date Wed, 26 Sep 2007 16:02:20 GMT
I would appreciate if you would give me some hints how this dispatcher
servlet should work.
Also, what needs to be done to restrict Tomcat to list the directories that
contain java script and images.
thanks


On 9/26/07, Mikolaj Rydzewski <miki@ceti.pl> wrote:
>
> alla winter wrote:
> > My application can crate report on a fly ( a file) for an authorized
> > clients.   The client authentication is conducted by the
> application  and
> > Tomcat is not involved in this process. Other clients may create a file
> in
> > the same directory, but the application will show the links only to  the
> > files that were created by this particular user ( the userID is a part
> of
> > the file name).  How can I ensure that others cannot view this file by
> just
> > typing the URL in the browser and list all the files under this
> directory?
> >
> Just do not create files in work readable directory. Store files
> somewhere outside application directory and display them with some kind
> of dispatcher servlet.
>
> --
> Mikolaj Rydzewski <miki@ceti.pl>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message