Author: markt
Date: Mon Nov 24 11:29:41 2014
New Revision: 1641369
URL: http://svn.apache.org/r1641369
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=57245
Update reference to allowLinking since it has moved from Context to the nested
Resources element.
Modified:
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1641369&r1=1641368&r2=1641369&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Mon Nov 24 11:29:41 2014
@@ -326,10 +326,11 @@
<code>false</code> by default and should only be changed for trusted web
applications.</p>
- <p>The <strong>allowLinking</strong> attribute controls if a context is
- allowed to use linked files. If enabled and the context is undeployed,
the
- links will be followed when deleting the context resources. Changing this
- setting from the default of <code>false</code> on case insensitive
+ <p>The <strong>allowLinking</strong> attribute of a nested
+ <a href="config/resources.html">Resources</a> element controls if a
context
+ is allowed to use linked files. If enabled and the context is undeployed,
+ the links will be followed when deleting the context resources. Changing
+ this setting from the default of <code>false</code> on case insensitive
operating systems (this includes Windows) will disable a number of
security measures and allow, among other things, direct access to the
WEB-INF directory.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
