[
https://issues.apache.org/jira/browse/GERONIMO-3837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12567826#action_12567826
]
Vamsavardhana Reddy commented on GERONIMO-3837:
-----------------------------------------------
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
If the value of this flag is true, symlinks will be allowed inside the web
application, pointing to resources outside the web application base path. If
not specified, the default value of the flag is false.
NOTE: This flag MUST NOT be set to true on the Windows platform (or any other
OS which does not have a case sensitive filesystem), as it will disable case
sensitivity checks, allowing JSP source code disclosure, among other security
problems.
> allowLinking Tomcat atttibute in StandardContext not configurable through
> Geronimo
> -----------------------------------------------------------------------------------
>
> Key: GERONIMO-3837
> URL: https://issues.apache.org/jira/browse/GERONIMO-3837
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: Tomcat
> Affects Versions: 2.0.2, 2.0.x, 2.1, 2.2
> Environment: G 2.0.2 Tomcat on Linux
> Reporter: Vamsavardhana Reddy
> Assignee: Vamsavardhana Reddy
> Fix For: 2.0.x, 2.1.1, 2.2
>
>
> Tomcat provides an allowLinking attribute in the StandardContext which when
> set to true will enable tomcat running on Linux platform to serve paths
> associated with the symbolic links. Configuring this attribute through
> Geronimo is not possible currently. Link to a query posted on user-list is
> given below.
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg08509.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
