Set up a directory outside your tomcat directory to contain java class
files, and include that directory in your classpath. Keep it outside of
your Apache directory as well.
-----Original Message-----
From: Paul Gonin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 2:02 PM
To: [EMAIL PROTECTED]
Subject: Deny web-inf access (security problem)
Hi,
I have a JSP that uses a bean. It uses the following directory structure :
webapps/myapply/myapply.jsp
webapps/myapply/web-inf/classes/mybean.class
It works fine but I am annoyed that people can download the bean directly
and "access" its content because it contains critical information
(passwords).
How do I protect my bean and more generraly I'd like to protect the whole
web-inf directory (if it's possible)
Note : I'm using Tomcat standalone.
Thanks
