> From: mast [mailto:[EMAIL PROTECTED] > Subject: permission on server.xml > > Hi, one question i think > exemple we run java with user and group www > server.xml need to be readable for tomcat to work, but each > user that have access to a tomcat account can also read it > with a simple jsp code how can we prevent that ? (or tomcat-user.xml)
How would that "simple jsp code" get into your webapps? Do you allow any user to dump arbitrary code into your system? BTW, tomcat-users.xml must also be writeable by Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]