What do you mean by "With java the host can still view any file on the
Usually, you've got web-app(s) in virtual hosts serving content and/or
providing an application. If you say "view any file", does this mean you
have a directory listing where the files of the underlying filesystem are
shown and are readable by the client? Beside the fact, that you can disable
the directory-listing, you can restrict what a web-app can "do". You might
want to look at
if you're talking about an ISP Environment.
2007/12/26, Mktg. Incorporate Fast <[EMAIL PROTECTED]>:
> I am looking for a way to prevent virtual hosts accessing any files
> outside of their host directory.
> I have tried to set the root directory but it does not work. With java
> the host can still view any file on the server.
> Resin appears to have huge security flaws in this area. Please, please,
> please help.
> resin-interest mailing list
resin-interest mailing list