On 8/18/06, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote: > Matti Haack wrote: > > The only really clean & secure way (but as I think most > > complicated patch) would be allow access only to the files & locations which > > are entered somewhere in the config file. > > Best idea I have heard so far. > >
Then I could change the config directory to somewhere else and access the files already there? That is infact very insecure as it allows the admin to choose what directory ASSP stores it's files in. The current ASSP only lets you set file locations to it's own directory and sub-directories. IMO allowing the config directory to be placed outside of the assp directory at the admins discression would cause an even worse security flaw. My 2cents. Kevin ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
