Re: Include directive problem
I had the same problem referencing jar files, from what I can gather, (no doubt somebody will correct me if I'm wrong) symbolic links are a security risk. Mark On Tue, 2002-10-15 at 11:49, Luise Massimo wrote: Hi all, i have a problem with Tomcat 4.1.12: I'm using a JSP page that it use an include directive (%@ include file=...%) to include another JSP page. The filename that i have specified is relative to the directory containing the first JSP page, but it is a symbolic link (i'm on a linux box). When i access that JSP page, the JSP compiler throw a JasperException that say FileNotFound ! Before Tomcat 4.1.12 i was using 4.0.4 and the thing was ok. What is it wrong on using symlink ? Anyone can help me ? Thanks in advance. Max -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Include directive problem
why do you think symlinks are a security risk ? Mark Olliver wrote: I had the same problem referencing jar files, from what I can gather, (no doubt somebody will correct me if I'm wrong) symbolic links are a security risk. Mark On Tue, 2002-10-15 at 11:49, Luise Massimo wrote: Hi all, i have a problem with Tomcat 4.1.12: I'm using a JSP page that it use an include directive (%@ include file=...%) to include another JSP page. The filename that i have specified is relative to the directory containing the first JSP page, but it is a symbolic link (i'm on a linux box). When i access that JSP page, the JSP compiler throw a JasperException that say FileNotFound ! Before Tomcat 4.1.12 i was using 4.0.4 and the thing was ok. What is it wrong on using symlink ? Anyone can help me ? Thanks in advance. Max -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Include directive problem
The following quote is taken from http://httpd.apache.org/docs/urlmapping.html 'There are frequently circumstances where it is necessary to allow web access to parts of the filesystem that are not strictly underneath the DocumentRoot. Apache offers several different ways to accomplish this. On Unix systems, symbolic links can bring other parts of the filesystem under the DocumentRoot. For security reasons, Apache will follow symbolic links only if the Options setting for the relevant directory includes FollowSymLinks or SymLinksIfOwnerMatch.' I don't think or know if they are a security risk. The above offered a possible explanation as to why my symbolic link didn't work. Regards On Tue, 2002-10-15 at 13:33, Luise Massimo wrote: why do you think symlinks are a security risk ? Mark Olliver wrote: I had the same problem referencing jar files, from what I can gather, (no doubt somebody will correct me if I'm wrong) symbolic links are a security risk. Mark On Tue, 2002-10-15 at 11:49, Luise Massimo wrote: Hi all, i have a problem with Tomcat 4.1.12: I'm using a JSP page that it use an include directive (%@ include file=...%) to include another JSP page. The filename that i have specified is relative to the directory containing the first JSP page, but it is a symbolic link (i'm on a linux box). When i access that JSP page, the JSP compiler throw a JasperException that say FileNotFound ! Before Tomcat 4.1.12 i was using 4.0.4 and the thing was ok. What is it wrong on using symlink ? Anyone can help me ? Thanks in advance. Max -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
