> From: David kerber [mailto:dcker...@verizon.net] 
> Subject: Re: Tomcat security vulnerability/ or security config issue

> If things are configured properly, web users won't be able to see 
> anything outside your app hierarchy, so something clearly isn't set up 
> properly.

This has little to do with configuration - it's the particular webapp 
(consistencycheck) that is blindly trusting whatever is fed to it from the 
outside world, and using that as a path into the local file system.  A 
SecurityManager _may_ be able to stop it, but if the site has deployed such a 
dangerous webapp, it's likely they would grant excessive privileges to it as 
well.

 - Chuck
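The flaw Chuck describes, a webapp taking an outside-supplied string and using it directly as a file system path, is usually prevented in the application itself rather than in Tomcat's configuration. Below is an added illustration (not code from the thread, the consistencycheck webapp, or Tomcat): a hypothetical helper `resolveUnderBase` that normalises a user-supplied name against a fixed base directory and rejects anything that ends up outside it. The base directory `/srv/app-data` and the sample inputs are constructed for the demonstration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

/** Hypothetical helper: confine a user-supplied relative name to one base directory. */
public final class ConfinedPath {

    private ConfinedPath() {}

    /**
     * Returns the resolved path only if, after normalisation, it still lies
     * strictly inside baseDir. Anything that escapes (".." segments, absolute
     * paths) or that names the base directory itself yields Optional.empty().
     */
    public static Optional<Path> resolveUnderBase(Path baseDir, String userSupplied) {
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() of an absolute argument returns that argument unchanged,
        // so absolute inputs are caught by the startsWith check below.
        Path candidate = base.resolve(userSupplied).normalize();
        // startsWith compares whole path components, not string prefixes, so
        // "/srv/app-data-other" is not accepted for base "/srv/app-data".
        if (candidate.startsWith(base) && !candidate.equals(base)) {
            return Optional.of(candidate);
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/app-data"); // constructed base directory
        String[] samples = {              // constructed inputs
            "reports/2010.txt",           // stays inside: accepted
            "../outside.txt",             // climbs out of base: rejected
            "/etc/hostname",              // absolute path: rejected
            "reports/../../x.txt",        // normalises to outside base: rejected
            "."                           // the base directory itself: rejected
        };
        for (String s : samples) {
            Optional<Path> p = resolveUnderBase(base, s);
            System.out.printf("%-22s -> %s%n", s, p.map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

Two caveats a reviewer would raise: `normalize()` works on the path string only, so if the base directory can contain symbolic links, repeat the check on `toRealPath()` once the file is known to exist; and this check complements rather than replaces a SecurityManager policy, which, as noted above, only helps when the deployer has not already granted the webapp broad file permissions.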
