tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: WebApps sharing uploaded files
Date Tue, 04 Oct 2011 19:07:05 GMT
"André Warnier" <> wrote:

>Christopher Schultz wrote:
>> Hash: SHA1
>> André,
>> On 10/4/2011 1:31 PM, André Warnier wrote:
>>> Or, wasn't there a possibility to place a symlink within the
>>> webapps dir, and have Tomcat /not/ following it when undeploying ?
>>> Or was that precisely the catch, that it always does ?
>> Look for "aliases":
>Thanks. Seen.  Lea, do you follow ?
>By the way, in that same page, the next item is :
>If the value of this flag is true, symlinks will be allowed inside the
>web application, 
>pointing to resources outside the web application base path. If not
>specified, the default 
>value of the flag is false.
>NOTE: This flag MUST NOT be set to true on the Windows platform (or any
>other OS which 
>does not have a case sensitive filesystem), as it will disable case
>sensitivity checks, 
>allowing JSP source code disclosure, among other security problems.
>Is this second paragraph really well-placed there ?


>Does allowLinking really influence case-sensitivity ?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message