Good plan. Thanks Tim, didn't think of that one.
Tim Funk wrote: > Place it in WEB-INF (or a subdirectory in WEB-INF) > > -Tim > > Duncan wrote: > > > So how does one get around this issue > > > > ie, how do you have an include file that is not accessable by a user, do people > > set up a secure folder for these? > > > > Any suggestions? > > - Duncan > > > > Tim Funk wrote: > > > > > >>I would think this is a security fix. (Or a bug fix) I am surprised this was > >>allowed in 4.0. > >> > >>-Tim > >> > >>Duncan wrote: > >> > >> > >>>When using Tomcat 4.0, I was able to include files in a directory above > >>>my public web directory, but with tomcat 4.1, when I try to run the same > >>>jsp, I get the error: > >>> > >>>org.apache.jasper.JasperException: /main.jsp(3,0) File > >>>"../Private/NormalTemplate.inc" not found > >>> > >>>All casing etc is correct. > >>> > >>>Is this a security fix, or should this still be possible? > >>> > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
