What is your juridic requirement exactly? That owner can not inject code
in your webapp?
At the precise moment of 01/03/07 14:04, Stephan Schöffel expressed himself in
all his nobility:
> i know this solution is anything but not secure. but the main point
> in doing this is a juristic question. if someone is able to put a war
> file into the tomcat installed to your computer he can do probably
> anything he wants to your computer. but if he is able to do so, this
> security break is not the concern of me anymore, but the users of
> this machine.
>
>
> Gregor Schneider wrote:
>
>> Hi Stephan,
>>
>> well, that's awkward.
>>
>> Even if you are able to disable automatic deployment, anybody knowing
>> his ways around Tomcat will be able to change the settings again thus
>> make Tomcat load the other apps :(
>>
>> my idea would be to write a valve checking which apps are installed:
>> If any other than your delivered apps are installed, Tomcat is
>> forwarding the request to a customized error-page.
>>
>> however, even this solution will not prevent anybody from tampering.
>>
>> HTH
>>
>> Greg
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
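
A sketch of the valve idea from the quoted message, added here as an example and not code posted by anyone in the thread. The class name and the `allowedApps` attribute are hypothetical, and the `javax.servlet` imports assume Tomcat 9 or earlier.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Container;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/** Hypothetical Host-level valve: refuses requests while unexpected webapps are deployed. */
public class DeployedAppsCheckValve extends ValveBase {
    private static final Logger LOG = Logger.getLogger(DeployedAppsCheckValve.class.getName());
    private final Set<String> allowed = new HashSet<String>();

    /** Set from a hypothetical allowedApps="/shop,/admin" attribute on the <Valve> element. */
    public void setAllowedApps(String csv) {
        allowed.clear();
        // Limit -1 keeps empty entries: an empty entry stands for the ROOT context,
        // whose name is the empty string.
        for (String name : csv.split(",", -1)) {
            allowed.add(name.trim());
        }
    }

    /** Names of deployed contexts that are not on the allowlist. */
    static Set<String> unexpected(Container[] deployed, Set<String> allowed) {
        Set<String> extra = new HashSet<String>();
        for (Container c : deployed) {
            if (!allowed.contains(c.getName())) {
                extra.add(c.getName());
            }
        }
        return extra;
    }

    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // The Host's children are the Contexts (web applications) it currently serves.
        Set<String> extra = unexpected(request.getHost().findChildren(), allowed);
        if (!extra.isEmpty()) {
            LOG.warning("Unexpected web applications deployed: " + extra);
            // Which error page is rendered for this status depends on the configuration.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        getNext().invoke(request, response);
    }
}
```

The valve is registered in `server.xml`, so it only detects extra applications on an installation whose configuration has been left intact; it is a check, not a tamper-proof control.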

