Security and no WEB-INF access
Posted on 2003-03-13
I am a gold member of addr.com, and they have a setup where they lock off write access to the WEB-INF directory as root, but then allow access to a WEB-INF->servlets directory. The end result of this, as far as I can tell, is that you can't use your own web.xml file.
I am concerned about this in two ways. I wanted to use JSP tags, but it seemed to need the web.xml file, and I also am more concerned about security. I may decide to host secure information and am not sure if I can do so well despite them having .htaccess and SSL.
They use somewhat outdated versions across their servers:
- servlet 2.2
- jsp 1.1
- MySQL version 3.23.41
I am looking for ideas on how to create a secure site with these limitations. If you see this as being hopeless, maybe you have ideas on a much more secure, reasonably priced, performant hosting company. It would be a pain to move now, but I may have to do it.
Thank you for your help.