tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject Re: WebApps sharing uploaded files
Date Tue, 04 Oct 2011 19:07:05 GMT
"André Warnier" <aw@ice-sa.com> wrote:

>Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> André,
>> 
>> On 10/4/2011 1:31 PM, André Warnier wrote:
>>> Or, wasn't there a possibility to place a symlink within the
>>> webapps dir, and have Tomcat /not/ following it when undeploying ?
>>> Or was that precisely the catch, that it always does ?
>> 
>> Look for "aliases":
>> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
>> 
>Thanks. Seen.  Lea, do you follow ?
>
>By the way, in that same page, the next item is :
>
>quote
>
>allowLinking	
>
>If the value of this flag is true, symlinks will be allowed inside the
>web application, 
>pointing to resources outside the web application base path. If not
>specified, the default 
>value of the flag is false.
>
>NOTE: This flag MUST NOT be set to true on the Windows platform (or any
>other OS which 
>does not have a case sensitive filesystem), as it will disable case
>sensitivity checks, 
>allowing JSP source code disclosure, among other security problems.
>
>unquote
>
>Is this second paragraph really well-placed there ?

Yes.

>Does allowLinking really influence case-sensitivity ?

Yes.

Mark





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message