tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: WebApps sharing uploaded files
Date Tue, 04 Oct 2011 17:56:48 GMT
Christopher Schultz wrote:
> André,
> 
> On 10/4/2011 1:31 PM, André Warnier wrote:
>> Or, wasn't there a possibility to place a symlink within the
>> webapps dir, and have Tomcat /not/ following it when undeploying ?
>> Or was that precisely the catch, that it always does ?
> 
> Look for "aliases":
> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
> 
Thanks. Seen. Lea, do you follow?

By the way, in that same page, the next item is:

quote

allowLinking

If the value of this flag is true, symlinks will be allowed inside the web application, 
pointing to resources outside the web application base path. If not specified, the default 
value of the flag is false.

NOTE: This flag MUST NOT be set to true on the Windows platform (or any other OS which 
does not have a case sensitive filesystem), as it will disable case sensitivity checks, 
allowing JSP source code disclosure, among other security problems.

unquote

Is this second paragraph really well-placed there?
Does allowLinking really influence case-sensitivity?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
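
The following is an added example, not part of the original message and not Tomcat's own code. It sketches how a single canonical-path comparison can act as both the symlink check and the case-sensitivity check that the quoted documentation note ties to allowLinking; `LinkCheckDemo` and `resolve()` are hypothetical names, and the assumption is that a resource lookup compares the canonical path with the requested path unless linking is allowed.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Illustrative sketch only: LinkCheckDemo and resolve() are hypothetical, not Tomcat source.
public class LinkCheckDemo {

    // Returns the file to serve, or null when the lookup must be refused.
    static File resolve(File base, String name, boolean allowLinking) throws IOException {
        File file = new File(base, name);
        if (!file.exists() || !file.canRead()) {
            return null;
        }
        if (allowLinking) {
            return file; // every check below is skipped
        }
        String canonicalBase = base.getCanonicalPath();
        String canonical = file.getCanonicalPath(); // links resolved, real path on disk
        // A symlink that leaves the web application base changes the canonical prefix.
        if (!canonical.startsWith(canonicalBase + File.separator)) {
            return null;
        }
        // The same comparison rejects a name whose case differs from the entry on
        // disk (possible on a case-insensitive filesystem) and "../" sequences.
        String requested = new File(canonicalBase, name).getPath();
        return canonical.equals(requested) ? file : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one JSP inside the base, one symlink pointing outside it.
        Path base = Files.createTempDirectory("webapp");
        Path outside = Files.createTempFile("outside", ".txt");
        Files.write(base.resolve("index.jsp"), "<%-- jsp source --%>".getBytes());
        try {
            Files.createSymbolicLink(base.resolve("link.txt"), outside);
        } catch (IOException | UnsupportedOperationException e) {
            System.out.println("(symlink creation not permitted on this system)");
        }
        for (boolean allow : new boolean[] {false, true}) {
            for (String name : new String[] {"index.jsp", "INDEX.JSP", "link.txt"}) {
                File f = resolve(base.toFile(), name, allow);
                System.out.printf("allowLinking=%-5b %-9s -> %s%n",
                        allow, name, f == null ? "refused" : "served");
            }
        }
    }
}
```

On a case-sensitive filesystem the `INDEX.JSP` lookup fails at the existence test either way; the difference between the two settings for that name only appears where the filesystem ignores case.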

