You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Jim Wight <jw...@telus.net> on 2003/11/23 05:47:13 UTC

Minor Security Detail

Hi

If someone knows my directory structure on the web server; they can go to
that
directory directly and view all the pages and directories below.

Eg.
If I go to the website http://web-foot.com:8080/web-foot I get my home page.
If I go to http://web-foot.com:8080/web-foot/a_directory/ I get a directory
display.

Is there an easy way to fix

Thanks
Jim Wight
http://web-foot.com

RE: Minor Security Detail

Posted by Holger Dewes <h....@insiders.de>.

> -----Original Message-----
> From: Jim Wight [mailto:jwight@telus.net] 
> Sent: Sunday, November 23, 2003 5:47 AM
> To: Jim Wight
> Subject: Minor Security Detail
> 
> 
> Hi
> 
> If someone knows my directory structure on the web server; 
> they can go to that directory directly and view all the pages 
> and directories below.
> 
> Eg.
> If I go to the website http://web-foot.com:8080/web-foot I 
> get my home page. If I go to 
> http://web-foot.com:8080/web-> foot/a_directory/ I get a 
> directory display.
> 
> Is there an 
> easy way to fix

This depends on the configuration of your web server. For tomcat, e.g.,
you have to set

<init-param>
   <param-name>listings</param-name>
   <param-value>false</param-value>
</init-param>

for the default servlet. For other web servers, have a look in the
documentation.

-- 
Holger Dewes


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org