tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: where to put static files?
Date Tue, 22 Nov 2011 15:37:52 GMT
Chris,

Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> André,
> 
> On 11/21/11 4:06 AM, André Warnier wrote:
>> S Ahmed wrote:
>>> I know when I go in production I will have nginx map to this
>>> folder to serve the static files,
>> which, as far as I understand your planned setup, would be a really
>> bad idea.
> 
> Only if you don't know what you're doing.

Granted.  But in that respect, many people don't realise what they're doing, as many 
previous questions on the list show.

> 
> Also, there is a big difference between this:
> 
> DocumentRoot /path/to/tomcat/webapps/mywebapp
> 
> and this:
> 
> Alias /Assets /path/to/tomcat/webapps/mywebapp/Assets
> 
> The latter is quite a bit safer IMO.

Yes, but what the OP would need to do, considering where he wanted to put the files, would
be

 > Alias /Assets /path/to/tomcat/webapps/mywebapp/WEB-INF/Assets

which in my view is at least an opening for doing less safe things (*), which is why 
several people have already suggested /not/ to put the Assets sub-directory under WEB-INF.

(*) because in order for that to work, the user-id under which Apache is running, already

needs at least "rx" permissions to all the directories in that path (WEB-INF included). 
Which is unnecessary and unsafe.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message