Hi

I found out that we run our tomcat as user root, and in
plain jsp I'm able to trash /etc/passwd :-)

what is the advised setup for a tomcat server that
is shared by several users (contexts) and runs
some virtual domains ?

thanks,
*pike

==========
Aoccdrnig to rscheearch at Cmabrigde Uinervtisy,
it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny
iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae.
The rset can be a total mses and you can sitll
raed it wouthit porbelm. Tihs is bcuseae the huamn mnid deos not
raed ervey lteter by istlef, but the wrod as a wlohe.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)