-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 18 May 2004 20:29, QM wrote:
> On Tue, May 18, 2004 at 01:47:32PM -0500, Filip Hanik - Dev wrote:
> : The safest bet is to write to the user's (the user running your tomcat)
> : home directory. The property is user.home
> : (System.getProperty("user.home")
>
> Not always.
> Put another way, this would be more "specific instructions" you'd have
> to send to the remote admins, which you mentioned you weren't too keen
> on providing (since they wouldn't be followed).
>
> In some security-conscious environments, admins want generic users
> to have as few writable spaces as possible.
>
> e.g. the home dir for the tomcat user could be "/dev/null," or just a
> non-writable dir with some local defaults.
>
> What about using a specific subdirectory of the temp dir, I believe it's
> sys property "temp.dir" or "tmp.dir"? This would also permit the cached
> data to be cleared in the event of trouble, and when the machine
> rebooted (under Solaris, or any other setup that uses a memory-based fs
> for /tmp).
Yup, this sounds a good solution, at least for cached part-computations (e.g.
regularly requested query results) which I do a lot. It doesn't deal with the
problem of uploaded data. I suppose the 'correct' thing to do with that is
shove it into the database, but I'm still unwilling if I can find a way
around.
Yoav Shapira's suggestion of using env-entry in the web.xml looks most
promising to me because I already have an interactive process which pastes
user supplied values into a web.xml template prior to the war being packed
for delivery, and the path to a persistent writable directory could be one of
the parameters I ask for.
- --
[EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/
There's nae Gods, an there's precious few heroes
but there's plenty on the dole in th Land o th Leal;
And it's time now, tae sweep the future clear o
th lies o a past that we know wis never real.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBQKp7p3r1UrYJMbiJAQGWqQQAz4AzrqBbmVEUqqtmCEHMHaZgwo0Ep0oi
2hVc513b8/Ol0Jg4l1d2vkMDZwBqdhP4TXZnO3/eQYWSxKQC4D4lD8U4B3DILIsE
YwyOP84OdwnfF3kNaaoKKGFylPzSjayZcTFNeuEzQx5TRRKkHJEzoEM7KQP/tFAH
8fBlv+JKYAc=
=6wVL
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
