Luca Gervasi wrote:
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
Google for SecurityManager. Check conf/catalina.policy file within
tomcat installation.
If you are really concerned about security and you have to run
untrustred java code than you should run every webapp in chroot/jail
within it's own JVM.
--
Mikolaj Rydzewski <m...@ceti.pl>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
