You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Terence Dewaele <de...@ze-linux.org> on 2002/03/25 16:13:38 UTC
Understand the security in tomcat
Hello,
I have Apache 1.3.23 + Tomcat 3.3 in the debian linux server.
It's work togheter.
I have configured tomcat for using virtualhost :
-- server.xml --
<Host name="test.felling.org">
<Context path="" docBase="/data/www/test.felling.org" />
<Permission className="java.io.FilePermission" attribute="-" value="read"/>
<Permission className="java.lang.RuntimePermission" attribute="stopThread"/>
</Host>
-- httpd.conf --
<VirtualHost .....>
JkMount /*.jsp ajp13
</VirtualHost>
If i put test.jsp in my test.felling.org and i execute him it's work -> ok
Now if i put <% System.exit(1); %> in my test.jsp and i execute, i d'ont have
security exception, my tomcat was killed !!!!!!
Howto disabled this and get security exception ?
Howto configure a chrooted enviroment to forbidden access reading file in
directory up ?
Thx
P.S:
Sorry for my english :(
---
Térence Dewaele
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>