On Sun, Oct 29, 2006 at 02:33:31PM -0600, Caldarale, Charles R wrote: > > > > I mean with a jsp code you can see/write file can a user > > write outside the webapps defined in the server.xml? > > Certainly code in a .jsp or servlet can read or write anywhere that > Tomcat's userid is allowed to (subject to JVM security policies, of > course). Anyone stupid enough to put code in a webapp that allows end > users to read or write in arbitrary locations deserves what they get.
Charles, you're missing his point. His "user" is not a website user, it's a _tomcat_ user. I.e. someone that is allowed to deploy an application on the app server. > > From: mast [mailto:[EMAIL PROTECTED] > > Subject: Re: permission on server.xml > > i ask this because i have already a server with customer > > that with a simple jsp code write file into the conf or > > bin directory (and the user was under a webapps) You probably need to run a separate tomcat instance for each customer. eric --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]