alla winter wrote:
Just do not create files in work readable directory. Store files somewhere outside application directory and display them with some kind of dispatcher servlet.My application can crate report on a fly ( a file) for an authorized clients. The client authentication is conducted by the application and Tomcat is not involved in this process. Other clients may create a file in the same directory, but the application will show the links only to the files that were created by this particular user ( the userID is a part of the file name). How can I ensure that others cannot view this file by just typing the URL in the browser and list all the files under this directory?
-- Mikolaj Rydzewski <[EMAIL PROTECTED]>
smime.p7s
Description: S/MIME Cryptographic Signature
