> From: jamana ramesh [mailto:ramesh.jam...@gmail.com] > Subject: Re: Tomcat Secuirty Problem
> I am new to Tomcat server. And unaware of basic etiquette: 1) Don't cross-post. 2) Always provide the exact Tomcat version, JVM level, and OS you're running on. > This application has to decrypt some files and store > in a temp folder. I have created a folder with name > "temp' in WEB-INF folder of my applciation. That's a really, really bad idea - you should never try to write into the webapp's deployment directory. You have no guarantee that there even is a deployment directory, or even a file system. The servlet specification requires that the container (Tomcat, in this case) provide a scratch area for just this purpose. Read section 4.7.1 of the servlet spec, which states, in part: "A temporary storage directory is required for each servlet context. Servlet containers must provide a private temporary directory for each servlet context, and make it available via the javax.servlet.context.tempdir context attribute. The objects associated with the attribute must be of type java.io.File." - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
