[Wrapper-user] Wrapper flagged by security scanner

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Programmers at our site are running the "wrapper" tool.  Our security
scanner flagged this as a threat because it was able to use the "../../"
syntax to pull any random file (including the password file) off of the
server via HTTP.  I am not JAVA-literate.  Can anyone point me into the
right direction as far as how to configure wrapper to limit the
directory tree that it can see on this server?  I know how to do this in
Apache, but wrapper appears to be running on its own TPC/IP port without
using a web server as a front end.

-john-