What do you mean by "With java the host can still view any file on the
server"?
Usually, you've got web-app(s) in virtual hosts serving content and/or
providing an application. If you say "view any file", does this mean you
have a directory listing where the files of the underlying filesystem are
shown and are readable by the client? Besides the fact that you can disable
the directory-listing, you can restrict what a web-app can "do". You might
want to look at
http://www.caucho.com/resin-3.1/doc/security.xtp
and http://www.caucho.com/resin-3.1/doc/securitymanager.xtp
if you're talking about an ISP Environment.

Regards,
Steffen


2007/12/26, Mktg. Incorporate Fast <[EMAIL PROTECTED]>:
>
>  I am looking for a way to prevent virtual hosts accessing any files
> outside of their host directory.
>
>
>
> I have tried to set the root directory but it does not work.  With java
> the host can still view any file on the server.
>
>
>
> Resin appears to have huge security flaws in this area.  Please, please,
> please help.
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>