However it still lets anyone get a listing of all editable files by
virtue of the fact that GET and POST methods have no constraints applied
to them.
hm .. you can turn of the listings in your web.xml
<servlet>
<servlet-name>bla</servlet-name>
<servlet-class>bla</servlet-class>
<init-param>
<param-name>listings</param-name>
<param-value>false</param-value>
</init-param>this is actually a standard servlet setting (for GET and POST), regrettably, if you do this, it also disables the webdav PROPFIND method (which generates the webdav listings).
there is some logic in there. somewhere.
it would probably be more correct to create two entries to the same data; one is 'public', port 80, standard HTTP, the other one is 'private', port 78456384578, behind a firewall, locked with 10 passwords and WebDav HTTP.
does that make any sense ?
*pike ===== aRt&D =====
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
