I'm no expert here, but for the types of things
in your example, you need to enable the Java
system security (also controls access to the
filesystem, etc).

You enable this by starting Tomcat with the
-security option.  The permissions given to
your app are defined, I believe, in tomcat.policy
(catalina.policy in 4.x) in the conf directory.

Take a look at "Using the Java SecurityManager 
with Tomcat" on the jakarta site
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-security.html

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.



> -----Original Message-----
> From: Terence Dewaele [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 25, 2002 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: Understand the security in tomcat
> 
> 
> Hello,
> 
> I have Apache 1.3.23 + Tomcat 3.3 on a Debian Linux server.
> They work together.
> I have configured Tomcat to use a virtual host:
> 
> -- server.xml --
> <Host name="test.felling.org">
>   <Context path="" docBase="/data/www/test.felling.org" />
>   <Permission className="java.io.FilePermission" 
> attribute="-" value="read"/>
>   <Permission className="java.lang.RuntimePermission" 
> attribute="stopThread"/>
> </Host>
> 
> -- httpd.conf --
> <VirtualHost .....>
> JkMount /*.jsp ajp13
> </VirtualHost>
> 
> If I put test.jsp in my test.felling.org and execute it,
> it works -> ok
> 
> Now if I put <% System.exit(1); %> in my test.jsp and
> execute it, I don't get a
> security exception; my Tomcat is killed!
> 
> How do I disable this and get a security exception?
> 
> How do I configure a chrooted environment to forbid
> reading files in
> the directories above?
> 
> Thx
> 
> P.S:
> Sorry for my English :(
> ---
> Térence Dewaele
> 
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
> 
> 

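
A policy-file grant matching the advice in the reply above, as an added example that is not part of the original thread or of the Tomcat distribution. It uses standard Java policy-file syntax and the docBase from the quoted server.xml; the codeBase URL that Tomcat assigns to the application's classes is an assumption, so check it against the linked Tomcat documentation.

```conf
// Constructed example for conf/tomcat.policy (catalina.policy in 4.x).
// It takes effect only when Tomcat is started with the -security option.

// Too broad: AllPermission includes RuntimePermission "exitVM", so a JSP
// that calls System.exit(1) would still stop the whole JVM.
// grant codeBase "file:/data/www/test.felling.org/-" {
//     permission java.security.AllPermission;
// };

// Scoped grant: read-only access below the docBase ("/-" is recursive).
// No RuntimePermission "exitVM" is granted, so System.exit() fails the
// SecurityManager's checkExit() test and throws java.lang.SecurityException.
// No FilePermission outside the docBase is granted, so reads of the
// directories above it are denied as well.
grant codeBase "file:/data/www/test.felling.org/-" {
    permission java.io.FilePermission "/data/www/test.felling.org/-", "read";
};
```

Permissions are additive across grant entries, so a grant without a codeBase elsewhere in the same policy file applies to the web application too.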