As long as you protect your WEB-INF and META-INF directories with the appropriate Apache directives, and your connector mapping is correct, and you don't use the Invoker servlet, you're good to go.
All of my virtual hosts have the Apache DocumentRoot setup that way.
John
Chad Arimura wrote:
I'm new to tomcat so this question might not make sense.
Is it a security risk (or a bad practice) to make the appbase of both apache httpd and Tomcat the same? To me, it seems logical because then I can serve .jsp files through Tomcat, and all other content through httpd without having to put these contents in different directories... (eg /var/www/myApp and /usr/tomcat/myApp).
I'm using Tomcat 4.1, Apache 2, and jk2.
Thanks, Chad Arimura AllDorm Inc.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]