Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
On 10/4/2011 1:31 PM, André Warnier wrote:
Or, wasn't there a possibility to place a symlink within the
webapps dir, and have Tomcat /not/ following it when undeploying ?
Or was that precisely the catch, that it always does ?
Look for "aliases":
http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
Thanks. Seen. Lea, do you follow ?
By the way, in that same page, the next item is :
quote
allowLinking
If the value of this flag is true, symlinks will be allowed inside the web application,
pointing to resources outside the web application base path. If not specified, the default
value of the flag is false.
NOTE: This flag MUST NOT be set to true on the Windows platform (or any other OS which
does not have a case sensitive filesystem), as it will disable case sensitivity checks,
allowing JSP source code disclosure, among other security problems.
unquote
Is this second paragraph really well-placed there ?
Does allowLinking really influence case-sensitivity ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
