"André Warnier" <aw@ice-sa.com> wrote:
>Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> André,
>>
>> On 10/4/2011 1:31 PM, André Warnier wrote:
>>> Or, wasn't there a possibility to place a symlink within the
>>> webapps dir, and have Tomcat /not/ following it when undeploying ?
>>> Or was that precisely the catch, that it always does ?
>>
>> Look for "aliases":
>> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
>>
>Thanks. Seen. Lea, do you follow ?
>
>By the way, in that same page, the next item is :
>
>quote
>
>allowLinking
>
>If the value of this flag is true, symlinks will be allowed inside the
>web application,
>pointing to resources outside the web application base path. If not
>specified, the default
>value of the flag is false.
>
>NOTE: This flag MUST NOT be set to true on the Windows platform (or any
>other OS which
>does not have a case sensitive filesystem), as it will disable case
>sensitivity checks,
>allowing JSP source code disclosure, among other security problems.
>
>unquote
>
>Is this second paragraph really well-placed there ?
Yes.
>Does allowLinking really influence case-sensitivity ?
Yes.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|