You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Paul Libbrecht <pa...@ags.uni-sb.de> on 2000/08/22 02:13:18 UTC

WEB-INF is readable ??

Hi all,


I seem to be able to read WEB-INF/web.xml from an http request ???

isn't that something completely anti servlet 2.2 ??

Paul

Re: WEB-INF is readable ??

Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.

Paul Libbrecht wrote:

> Hi all,
>
> I seem to be able to read WEB-INF/web.xml from an http request ???
>
> isn't that something completely anti servlet 2.2 ??
>

If your client can do a request like this:

    http://localhost:8080/WEB-INF/web.xml

and get output instead of an error message, that is against the spec and
is a bug.  However, nothing stops your application's servlets from using
getResource() or file I/O to read the contents of files under WEB-INF.
How are you trying to access it?

>
> Paul
>

Craig McClanahan