"André Warnier" <a...@ice-sa.com> wrote: >Christopher Schultz wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> André, >> >> On 10/4/2011 1:31 PM, André Warnier wrote: >>> Or, wasn't there a possibility to place a symlink within the >>> webapps dir, and have Tomcat /not/ following it when undeploying ? >>> Or was that precisely the catch, that it always does ? >> >> Look for "aliases": >> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html >> >Thanks. Seen. Lea, do you follow ? > >By the way, in that same page, the next item is : > >quote > >allowLinking > >If the value of this flag is true, symlinks will be allowed inside the >web application, >pointing to resources outside the web application base path. If not >specified, the default >value of the flag is false. > >NOTE: This flag MUST NOT be set to true on the Windows platform (or any >other OS which >does not have a case sensitive filesystem), as it will disable case >sensitivity checks, >allowing JSP source code disclosure, among other security problems. > >unquote > >Is this second paragraph really well-placed there ?
Yes. >Does allowLinking really influence case-sensitivity ? Yes. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
