Hi,
I have a question regarding Tomcat server UserDatabase
on Linux. 
When choosing a MemoryUserDatabase, tomcat users and
passwords are declared in a tomcat-users.xml file. The
tomcat user running the server must have read
permission on this file.
At the same time, all webapps running in tomcat are
running under the same Linux user ('tomcat'). So any
webapp can access this file and display its content.

My app is hosted on a shared Linux server. With the
present configuration, I can retrieve this file and
display every user login/password, then if I wanted
to, I could go into somebody else's webapp manager and
undeploy it.
I am a bit worried that somebody would do that to
me...

Is there a way to ensure that only the root user can
read this file?


Thanks
Jerome

 


Jerome Benezech
[EMAIL PROTECTED]

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
