http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
>From that page describing allowLinking: > If the value of this flag is true, symlinks will be allowed inside the web > application, pointing to resources outside the web application base path. If > not specified, the default value of the flag is false. > > *NOTE: This flag MUST NOT be set to true on the Windows platform (or any > other OS which does not have a case sensitive filesystem), as it will > disable case sensitivity checks, allowing JSP source code disclosure, among > other security problems.* > Hope that helps :) Adam * * On Mon, Jun 1, 2009 at 4:22 AM, Hugo Ahlenius <[email protected]> wrote: > > Jordan, > > I saw that you, on the wiki, added a warning that one shouldn't allow > symlinks on Windows hosts, in tomcat - do you have any links for that? I > did > a quick googling, and didn't find anything immediately obvious... > > Thanks, > Hugo > > -- > Hugo Ahlenius > fraxinus (at-sign) oxel.net > http://www.oxel.net > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ Open BlueDragon Public Mailing List http://groups.google.com/group/openbd?hl=en official site @ http://www.openbluedragon.org/ !! save a network - trim replies before posting !! -~----------~----~----~----~------~----~------~--~---
