Micheal Espinola Jr wrote: > Matti Haack wrote: >> The only really clean & secure way (but as I think most >> complicated patch) would be allow access only to the files & locations which >> are entered somewhere in the config file. > > Best idea I have heard so far.
So one aditional step before breaking in would be changing some config directory to /etc (assuming that attacker has already assp administrator rights). ;-) ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
