tomcat-users mailing list archives

From André Warnier
Subject Re: where to put static files?
Date Tue, 22 Nov 2011 15:37:52 GMT

Christopher Schultz wrote:
> André,
> On 11/21/11 4:06 AM, André Warnier wrote:
>> S Ahmed wrote:
>>> I know when I go in production I will have nginx map to this
>>> folder to serve the static files,
>> which, as far as I understand your planned setup, would be a really
>> bad idea.
> Only if you don't know what you're doing.

Granted.  But in that respect, many people don't realise what they're doing, as many 
previous questions on the list show.

> Also, there is a big difference between this:
> DocumentRoot /path/to/tomcat/webapps/mywebapp
> and this:
> Alias /Assets /path/to/tomcat/webapps/mywebapp/Assets
> The latter is quite a bit safer IMO.

Yes, but what the OP would need to do, considering where he wanted to put the files, would

 > Alias /Assets /path/to/tomcat/webapps/mywebapp/WEB-INF/Assets

which in my view is at least an opening for doing less safe things (*), which is why 
several people have already suggested /not/ to put the Assets sub-directory under WEB-INF.

(*) because in order for that to work, the user-id under which Apache is running, already
needs at least "rx" permissions to all the directories in that path (WEB-INF included).
Which is unnecessary and unsafe.
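
Added example, not part of the original message or of either project's code: a Python check that scans httpd configuration text for the three mappings quoted in this thread and flags the ones that reach a whole webapp or a directory under WEB-INF. The function name, the `webapps_dir` parameter and the sample configuration are assumptions made for illustration.

```python
import shlex
from pathlib import PurePosixPath

# Directories Tomcat itself refuses to serve to clients.
PROTECTED = {"web-inf", "meta-inf"}

# Constructed sample: the three mappings quoted in the thread.
SAMPLE_CONF = """\
DocumentRoot /path/to/tomcat/webapps/mywebapp
Alias /Assets /path/to/tomcat/webapps/mywebapp/Assets
Alias /Assets /path/to/tomcat/webapps/mywebapp/WEB-INF/Assets
"""

def audit_httpd_config(conf_text, webapps_dir):
    """Return (line_no, directive, fs_path, reason) for risky mappings."""
    base = PurePosixPath(webapps_dir)
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # handles quoted paths
        except ValueError:
            continue  # unbalanced quotes: not a line this check understands
        directive = tokens[0].lower()
        if directive == "alias" and len(tokens) == 3:
            target = PurePosixPath(tokens[2])
        elif directive == "documentroot" and len(tokens) == 2:
            target = PurePosixPath(tokens[1])
        else:
            continue
        if target != base and base not in target.parents:
            continue  # mapping is outside the Tomcat webapps tree
        rel = target.relative_to(base).parts
        if any(part.lower() in PROTECTED for part in rel):
            reason = "target is under WEB-INF/META-INF; httpd user needs rx on it"
        elif len(rel) <= 1:
            reason = "whole webapp exposed; httpd may serve WEB-INF content"
        else:
            continue  # a plain sub-directory such as Assets
        findings.append((line_no, directive, str(target), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_httpd_config(SAMPLE_CONF, "/path/to/tomcat/webapps"):
        print(finding)
```
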
