[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: new File(

PeterJ do-not-reply at jboss.com
Mon Jun 23 17:47:08 EDT 2008


Servlets, EJBs, and their supporting classes can access anything on the server, unless you are really into setting security permissions, in which case you can limit what they have access to.

But as far as this being a security bug? No, it isn't. A security bug would be if a user could enter a URL such as http://hostname:8080/home/xxx/foo.doc to access a document in user xxx's home directory. In other words, only files within a WAR file (not in META-INF or WEB-INF), or in a directory set up for static content, should be accessible from a URL to have a secure environment.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160050#4160050

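The URL-to-file boundary described in the post, as an added example that is not part of the original message and is not JBoss code: a resolver that serves a file only when it lies inside one static-content root and outside WEB-INF and META-INF. The class name `StaticContentResolver` and the sample directory tree are hypothetical, constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Optional;

/** Hypothetical helper: maps a request path to a file inside one content root only. */
public final class StaticContentResolver {
    private final Path root;

    public StaticContentResolver(Path contentRoot) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.root = contentRoot.toRealPath();
    }

    /** Returns the file to serve, or empty when the path must not be reachable from a URL. */
    public Optional<Path> resolve(String requestPath) throws IOException {
        if (requestPath.indexOf('\0') >= 0) return Optional.empty();
        String relative = requestPath.replaceFirst("^/+", "");
        // Collapse "." and ".." before comparing against the root.
        Path candidate = root.resolve(relative).normalize();
        if (!candidate.startsWith(root) || !Files.isRegularFile(candidate)) return Optional.empty();
        // Re-check after following symlinks, so a link cannot point outside the root.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) return Optional.empty();
        // Refuse anything under the protected WAR directories, whatever the case.
        for (Path name : root.relativize(real)) {
            String s = name.toString().toUpperCase(Locale.ROOT);
            if (s.equals("WEB-INF") || s.equals("META-INF")) return Optional.empty();
        }
        return Optional.of(real);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree, created in a temporary directory.
        Path base = Files.createTempDirectory("demo");
        Path root = Files.createDirectories(base.resolve("static"));
        Files.createDirectories(root.resolve("WEB-INF"));
        Files.writeString(root.resolve("index.html"), "hello");
        Files.writeString(root.resolve("WEB-INF/web.xml"), "<web-app/>");
        Files.writeString(base.resolve("foo.doc"), "private");

        StaticContentResolver r = new StaticContentResolver(root);
        for (String p : new String[] {"/index.html", "/WEB-INF/web.xml", "/web-inf/web.xml", "/../foo.doc"}) {
            System.out.println(p + " -> " + (r.resolve(p).isPresent() ? "served" : "refused"));
        }
    }
}
```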