You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Oleg Tkachenko <ol...@multiconn.com> on 2002/06/26 15:08:18 UTC

security problem, 4.04

Hello!

I have some security problem on my web hosting using tomcat 4.04. It seems to 
me java classes loaded from WEB-INF/classes has much more permissions than 
those loaded from jars in WEB-INF/lib. My hosting admin said my policy is

grant codeBase "file:/home/virtual/site16/fst/var/www/html/-" {
     permission java.net.SocketPermission "*", "connect";
     permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
permission java.io.FilePermission "/home/virtual/site16/fst/var/www/html/-",
"read,write,delete";


};

My WEB-INF directory is inside /home/virtual/site16/fst/var/www/html at the 
server. Servlet from WEB-INF/classes able to read system properies, but the 
same servlet being jared to WEB-INF/lib is not able. How can one grant the 
same permissions to both classes and lib dirs?

-- 
Oleg Tkachenko
Multiconn International Ltd, Israel


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>