2010/6/18 Mikolaj Rydzewski <m...@ceti.pl>:
> Luca Gervasi wrote:
>>
>> I can read my /etc/passwd from a malicious JSP.
>> Where can I find info on limiting filesystem access / visibility?
>>
>
1st thing to do: run tomcat as user "tomcat" (or whatever username you like) with limited rights - that should at least fix the possibility to cat /etc/passwd

cheers
gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
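A way to check what a dedicated service account such as "tomcat" can read once Tomcat runs under it, added here as an example and not part of the original message. The function names `can_read` and `audit_account` are hypothetical, GNU `stat` (Linux) is assumed, and only owner/group/mode bits are evaluated (no ACLs, no parent-directory permissions).

```shell
#!/bin/sh
# Added example (not from the thread). Decides from mode bits alone whether
# an account may read a file; ACLs and directory traversal are not checked.
# Assumption: GNU stat (Linux) for `stat -c`.

# can_read UID "GID1 GID2 ..." PATH
# exit 0 = read granted, 1 = denied, 2 = file could not be stat'ed
can_read() {
    uid=$1; gids=$2; path=$3
    info=$(stat -c '%u %g %a' -- "$path") || return 2
    set -- $info
    f_uid=$1; f_gid=$2; mode=$3
    m=$((0$mode))                      # leading 0: parse the mode as octal
    [ "$uid" -eq 0 ] && return 0       # root bypasses mode bits
    if [ "$uid" -eq "$f_uid" ]; then   # owner class applies exclusively
        [ $((m & 0400)) -ne 0 ]; return
    fi
    for g in $gids; do                 # group class: any of the account's groups
        if [ "$g" -eq "$f_gid" ]; then
            [ $((m & 0040)) -ne 0 ]; return
        fi
    done
    [ $((m & 0004)) -ne 0 ]            # everyone else: "other" bits
}

# audit_account ACCOUNT PATH...
# Prints one line per path showing whether ACCOUNT can read it.
audit_account() {
    acct=$1; shift
    a_uid=$(id -u "$acct") || return 2
    a_gids=$(id -G "$acct") || return 2
    for p in "$@"; do
        if can_read "$a_uid" "$a_gids" "$p"; then
            echo "READABLE $p"
        else
            echo "denied   $p"
        fi
    done
}

# Usage, once the account exists:
#   audit_account tomcat /etc/passwd /etc/shadow
```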