tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Security Query.
Date Sat, 05 Dec 2009 18:35:20 GMT
> From: R. S. Patil [mailto:kpr.rspatil@gmail.com]
> Subject: Security Query.
> 
> In some discussion i heard that the WEB-INF contents can not be
> accessed from Internet at all.

The servlet spec requires that the servlet container (Tomcat) prevent direct access to WEB-INF.

> How far this is true ?

Completely, as far as Tomcat is concerned.  If you have an alternative means of accessing
the host (e.g., httpd, SMB, NFS) and you have not configured such alternatives correctly,
there may be other ways of reaching the files.  Tomcat obviously cannot protect you from mistakes
made in other components.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message