In Java, while using Glassfish Server, we could only save files relative to our web application root. Thus you cannot directly save file on eg c:\program files\abc.txt whereas with php this is working. Is it valid? One should not be able to refer any location on hard disk outside web application root (unless you are using Virtual directory). Why are there so contradictory principles?
In Java, while using Glassfish Server, we could only save files relative to our
Share
It’s a security feature of Glassfish (via the security features of the JVM). You can disable it if you really want, but the idea is that even if you’ve got some nasty security exploit in your web app, that shouldn’t compromise the rest of the box if it can be stopped.
I don’t know whether PHP has such a feature at all – web application containers can do this (and similar things) reasonably easily due to the rest of the sandboxing of Java and the security managers available.