> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > Subject: Re: Tomcat Security Problem > > You could turn off automatic deployment of WAR files and > configure each "known" application in your server.xml file.
Apps should not be configured in server.xml (you gotta move up, Chris :-). However, the principle is valid - the <Context> elements should go into appropriately named .xml files in conf/[engine]/[host], and access to that directory should be tightly controlled. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]