You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Martin Marinschek (JIRA)" <de...@myfaces.apache.org> on 2006/02/08 08:00:12 UTC

[jira] Closed: (MYFACES-1008) security bug of myfaces

     [ http://issues.apache.org/jira/browse/MYFACES-1008?page=all ]
     
Martin Marinschek closed MYFACES-1008:
--------------------------------------


> security  bug of myfaces
> ------------------------
>
>          Key: MYFACES-1008
>          URL: http://issues.apache.org/jira/browse/MYFACES-1008
>      Project: MyFaces
>         Type: Bug
>   Components: Tomahawk
>     Versions: 1.1.1
>  Environment: windows 2000 ;
> SUN JDK1.4.0.3 ;
> Tomcat 5.0.28
>     Reporter: lantian
>     Assignee: Dennis Byrne
>     Priority: Critical
>      Fix For: Nightly

>
> FACES SERVLET  is not secure when useing prefix mapping such as    /faces/* .
> users can access any contents in  WEB-INF directory.
> try following in your faces website  :
> http://localhost/mywebsite/faces/WEB-INF/web.xml
> http://localhost/mywebsite/faces/WEB-INF/lib/

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira