K A wrote:
Oh, really? I just guessed that if the user could see the absolute URL to 
used/available files in the application (JSP or PDF files) then it was also 
possible that the user could compromise the files in that directory, overwrite 
them or even save new files. But you state that users can NOT save new files in 
a directory. Then they can NOT do any of the other stated actions, right? Or 
have I misunderstood?

Unless users have access to these directories/files in some way other than through Tomcat, there is no way for them, using Tomcat, to modify any of these directories/files, even if they can see them through their web browser and Tomcat.
Unless one of your Tomcat-based applications allows them to do that, of course.

An example of how users could modify those files:
if the directories where those files are located are shared as network directories, and users have direct access to these directories through e.g. Windows Explorer, then of course there is nothing that Tomcat can do to protect them.

Maybe to clarify another aspect:
The Tomcat process itself runs under some user-id. All web applications running under Tomcat "run as" this same user-id. It does not matter which web user is accessing the Tomcat application; any file access by a Tomcat web application always happens under the user-id of Tomcat. The web user's user-id is purely a matter for Tomcat, to allow/disallow access to some resource and return a copy of it to the user through HTTP, or to return a "forbidden" response. But when Tomcat reads the resource from disk, it always reads it as "tomcat" (that is, the user-id under which Tomcat is started).
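Since every file operation happens under Tomcat's own user-id, the practical check is which deployed files that account can write, regardless of any web user. The script below is an added example, not part of this thread or of Tomcat; it assumes a POSIX find(1) with -user/-group/-perm and, as a simplification, only considers the service account's primary group (supplementary groups are ignored).

```shell
#!/bin/sh
# Added example: list deployed files that the Tomcat service account could
# modify. Tomcat reads and writes every file as its own user-id, so the
# defensive check belongs on the file system, not on the web user.
# Assumptions: POSIX find(1); only the service account's primary group is
# considered (supplementary groups are ignored; this is a simplification).

# Usage: writable_by <dir> <service-user>
# Prints every path under <dir> that <service-user> can write to:
#  - owned by that user and owner-writable
#  - in that user's primary group and group-writable
#  - world-writable
writable_by() {
  dir="$1"
  svc_user="$2"
  svc_group=$(id -gn "$svc_user") || return 2
  find "$dir" \( \
      \( -user "$svc_user" -perm -200 \) -o \
      \( -group "$svc_group" -perm -020 \) -o \
      -perm -002 \) -print
}

# Usage: count_writable_by <dir> <service-user>
# Same check, but prints only the number of writable paths.
count_writable_by() {
  writable_by "$1" "$2" | wc -l | tr -d ' '
}

# Demonstration on a constructed directory tree (not a real Tomcat install):
# a read-only report.pdf beside an owner-writable index.jsp.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/webapps/ROOT"
  : > "$tmp/webapps/ROOT/index.jsp"
  : > "$tmp/webapps/ROOT/report.pdf"
  chmod 755 "$tmp/webapps" "$tmp/webapps/ROOT"
  chmod 444 "$tmp/webapps/ROOT/report.pdf"   # read-only for everyone
  chmod 644 "$tmp/webapps/ROOT/index.jsp"    # owner may overwrite it
  echo "paths writable by $(id -un) under webapps:"
  writable_by "$tmp/webapps" "$(id -un)"
  rm -rf "$tmp"
}

demo
```

Run it against the real deployment as `writable_by /path/to/tomcat/webapps tomcat`; an empty result means a compromised web application cannot overwrite or add files there, while a non-empty one lists exactly what it could change.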
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org