What is your juridic requirement exactly? That owner can not inject code
in your webapp?
En l'instant pr?cis du 01/03/07 14:04, Stephan Sch?ffel s'exprimait dans
toute sa noblesse:
> i know this solution is anything but not secure. but the main point
> iin doing this is a juristic question. if someone is able to put a war
> file into the tomcat installed to your computer he can do probably
> anything he wants to your computer. but if he is able to do so, this
> security break is not the concern of me anymore, but the user's of
> this machine.
>
>
> Gregor Schneider wrote:
>
>> Hi Stephan,
>>
>> well, that's awkward.
>>
>> Even if you are able to disable automatic deployment, anybody knowing
>> his ways around Tomcat will be able to change the settings again thus
>> make Tomcat load the other apps :(
>>
>> my idea would be to write a valve checking which apps are installed:
>> If any other then your delivered apps are installed, Tomcat is
>> forwarding the request to a customized error-page.
>>
>> however, even this solution will not prevent anybody from tampering.
>>
>> HTH
>>
>> Greg
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)