You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Paul Libbrecht <pa...@ags.uni-sb.de> on 2000/08/22 02:13:18 UTC
WEB-INF is readable ??
Hi all,
I seem to be able to read WEB-INF/web.xml from an http request ???
isn't that something completely anti servlet 2.2 ??
Paul
Re: WEB-INF is readable ??
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Paul Libbrecht wrote:
> Hi all,
>
> I seem to be able to read WEB-INF/web.xml from an http request ???
>
> isn't that something completely anti servlet 2.2 ??
>
If your client can do a request like this:
http://localhost:8080/WEB-INF/web.xml
and get output instead of an error message, that is against the spec and
is a bug. However, nothing stops your application's servlets from using
getResource() or file I/O to read the contents of files under WEB-INF.
How are you trying to access it?
>
> Paul
>
Craig McClanahan