Posted to users@tomcat.apache.org by "Ushakov, Sergey N" <us...@int.com.ru> on 2004/06/21 22:34:33 UTC

/admin/users/ is open for source browsing

Hi,

I have occasionally discovered that the 'admin' app reveals its jsp folders'
contents without any password. And allows reading jspf sources afterwards...
Is it intended? ;)

And maybe a more general question - is it sound to have the default servlet
'listings' defaulting to 'true'? Perhaps it might be more safe to explicitly
allow browsing where necessary?

Regards,
Serge

