Luca Gervasi wrote:
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
Google for SecurityManager. Check conf/catalina.policy file within
tomcat installation.
If you are really concerned about security and you have to run
untrustred java code than you should run every webapp in chroot/jail
within it's own JVM.
--
Mikolaj Rydzewski <[email protected]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
