En l'instant précis du 01/03/07 14:07, Mikolaj Rydzewski s'exprimait dans toute sa noblesse: > Stephan Schöffel wrote: >> if someone is able to put a war file into the tomcat installed to >> your computer he can do probably anything he wants to your computer. > Use security manager. > And run tomcat within a a dedicated account having limited access to system. (Like is done for apache servers if you do not want your users to mess everything using CGI scripts)
Also, if you are under a unix environment, a chroot jail is a very powerful tool. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
