Monday, July 15, 2002 07:43 AM
I have a web application "petstore" deployed on the IBM WebSpere. Suppose "user1" created a confidential file call "executive.pdf" and store in the directory "temp" that is under the application root directory. Suppose "user2" has access to the "petstore" applicaton, then "user2" can access "executive.pdf" by entering URL "http://
:9080/petstore/temp/executive.pdf" if he or she somehow come to know the file name.
Is there any way to secure files such that files created by one user can not be seen by other users that are using the same web application?