Set up a directory outside your tomcat directory to contain java class
files, and include that directory in your classpath.  Keep it outside of
your Apache directory as well.

-----Original Message-----
From: Paul Gonin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 2:02 PM
To: [EMAIL PROTECTED]
Subject: Deny web-inf access (security problem)


Hi, 

I have a JSP that uses a bean. It uses the following directory structure :
    webapps/myapply/myapply.jsp
    webapps/myapply/web-inf/classes/mybean.class

It works fine but I am annoyed that people can download the bean directly
and "access" its content because it contains critical information
(passwords). 

How do I protect my bean and more generraly I'd like to protect the whole
web-inf directory (if it's possible)

Note : I'm using Tomcat standalone.

Thanks 

Reply via email to