-----BEGIN PGP SIGNED MESSAGE----- On Tuesday 18 May 2004 20:29, QM wrote: > On Tue, May 18, 2004 at 01:47:32PM -0500, Filip Hanik - Dev wrote: > : The safest bet is to write to the user's (the user running your tomcat) > : home directory. The property is user.home > : (System.getProperty("user.home") > > Not always. > Put another way, this would be more "specific instructions" you'd have > to send to the remote admins, which you mentioned you weren't too keen > on providing (since they wouldn't be followed). > > In some security-conscious environments, admins want generic users > to have as few writable spaces as possible. > > e.g. the home dir for the tomcat user could be "/dev/null," or just a > non-writable dir with some local defaults. > > What about using a specific subdirectory of the temp dir, I believe it's > sys property "temp.dir" or "tmp.dir"? This would also permit the cached > data to be cleared in the event of trouble, and when the machine > rebooted (under Solaris, or any other setup that uses a memory-based fs > for /tmp).
Yup, this sounds a good solution, at least for cached part-computations (e.g. regularly requested query results) which I do a lot. It doesn't deal with the problem of uploaded data. I suppose the 'correct' thing to do with that is shove it into the database, but I'm still unwilling if I can find a way around. Yoav Shapira's suggestion of using env-entry in the web.xml looks most promising to me because I already have an interactive process which pastes user supplied values into a web.xml template prior to the war being packed for delivery, and the path to a persistent writable directory could be one of the parameters I ask for. - -- [EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/ There's nae Gods, an there's precious few heroes but there's plenty on the dole in th Land o th Leal; And it's time now, tae sweep the future clear o th lies o a past that we know wis never real. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBQKp7p3r1UrYJMbiJAQGWqQQAz4AzrqBbmVEUqqtmCEHMHaZgwo0Ep0oi 2hVc513b8/Ol0Jg4l1d2vkMDZwBqdhP4TXZnO3/eQYWSxKQC4D4lD8U4B3DILIsE YwyOP84OdwnfF3kNaaoKKGFylPzSjayZcTFNeuEzQx5TRRKkHJEzoEM7KQP/tFAH 8fBlv+JKYAc= =6wVL -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]