You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Oleg Tkachenko <ol...@multiconn.com> on 2002/06/26 15:08:18 UTC
security problem, 4.04
Hello!
I have some security problem on my web hosting using tomcat 4.04. It seems to
me java classes loaded from WEB-INF/classes has much more permissions than
those loaded from jars in WEB-INF/lib. My hosting admin said my policy is
grant codeBase "file:/home/virtual/site16/fst/var/www/html/-" {
permission java.net.SocketPermission "*", "connect";
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission java.io.FilePermission "/home/virtual/site16/fst/var/www/html/-",
"read,write,delete";
};
My WEB-INF directory is inside /home/virtual/site16/fst/var/www/html at the
server. Servlet from WEB-INF/classes able to read system properies, but the
same servlet being jared to WEB-INF/lib is not able. How can one grant the
same permissions to both classes and lib dirs?
--
Oleg Tkachenko
Multiconn International Ltd, Israel
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>