You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Ushakov, Sergey N" <us...@int.com.ru> on 2004/06/21 22:34:33 UTC
/admin/users/ is open for source browsing
Hi,
I have occasionally discovered that the 'admin' app reveals its jsp folders'
contents without any password. And allows reading jspf sources afterwards...
Is it intended? ;)
And maybe a more general question - is it sound to have the default servlet
'listings' defaulting to 'true'? Perhaps it might be more safe to explicitly
allow browsing where necessary?
Regards,
Serge
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org