> From: mast [mailto:[EMAIL PROTECTED] > Subject: Re: permission on server.xml > > I mean with a jsp code you can see/write file can a user > write outside the webapps defined in the server.xml?
Certainly code in a .jsp or servlet can read or write anywhere that Tomcat's userid is allowed to (subject to JVM security policies, of course). Anyone stupid enough to put code in a webapp that allows end users to read or write in arbitrary locations deserves what they get. > i ask this because i have already a server with customer > that with a simple jsp code write file into the conf or > bin directory (and the user was under a webapps) That's an error on the part of the Tomcat administrator for deploying such a horrendous webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
