David,
For security, web applications aren't allow to access files outside
of the web application. That is why /WEB-INF/../env.xml is okay
and /WEB-INF/../../env.xml isn't.
Larry
-----Original Message-----
From: David Soroko [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 13, 2001 7:53 AM
To: [EMAIL PROTECTED]
Subject: Unsafe path ?
Hi all
>From within a servlet I am trying to read a file in the following way
getServletContext().getResourceAsStream(getInitParameter("envFile"));
When the parameter envFile has the value /WEB-INF/../../env.xml
I am getting the following message from Tomcat:
Unsafe path D:\Jupiter\tomcat\webapps\dir1\dir2\dir3 /WEB-INF/../../env.xml
Any ideas why is that?
Interestingly, when the parameter envFile has the value /WEB-INF/../env.xml
Tomcat has no problems reading the file.
This is on Tomcat 3.2/Wintel.
TIA
--
============================================
David Soroko
mailto:[EMAIL PROTECTED]
http://www.geocities.com/SiliconValley/Campus/1628/
Group Manager, Core Technologies
Manna Inc.
============================================
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
