Thanks for the info. While the developers are looking at the app I've added a simple url-mapping that redirects the users to a login servlet that keeps them out of that directory.
Cheers - Steve On Thu, 6 Nov 2003, Shapira, Yoav wrote: > > Howdy, > It's a problem with your directory structure or your security > configuration in web.xml, or both. Perhaps moving the symlink so that > it's under WEB-INF is enough for your needs. > > Yoav Shapira > Millennium ChemInformatics > > > >-----Original Message----- > >From: Steve Harris [mailto:[EMAIL PROTECTED] > >Sent: Thursday, November 06, 2003 4:04 PM > >To: [EMAIL PROTECTED] > >Subject: symbolic links and applications > > > >Hi, > > > >I have an application running under tomcat that stores a bunch of files > in > >a directory. In the normal everyday use of the application users login > to > >the app and then can get at these files. However if a user figures out > >the URL then they can browse directly to the location of the files > without > >logging into the application. BTW the path to the files is a symbolic > >link in the ...../webapps/app/ directory, pointing to the real location > of > >the data. > > > >Does anyone have aview whether this is a problem with the application > >itself or with the tomcat config. > > > > > >Cheers all - Steve > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > This e-mail, including any attachments, is a confidential business communication, > and may contain information that is confidential, proprietary and/or privileged. > This e-mail is intended only for the individual(s) to whom it is addressed, and may > not be saved, copied, printed, disclosed or used by anyone else. If you are not > the(an) intended recipient, please immediately delete this e-mail from your computer > system and notify the sender. Thank you. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
