[ http://issues.apache.org/jira/browse/MYFACES-1008?page=all ] Martin Marinschek closed MYFACES-1008: --------------------------------------
> security bug of myfaces > ------------------------ > > Key: MYFACES-1008 > URL: http://issues.apache.org/jira/browse/MYFACES-1008 > Project: MyFaces > Type: Bug > Components: Tomahawk > Versions: 1.1.1 > Environment: windows 2000 ; > SUN JDK1.4.0.3 ; > Tomcat 5.0.28 > Reporter: lantian > Assignee: Dennis Byrne > Priority: Critical > Fix For: Nightly > > FACES SERVLET is not secure when useing prefix mapping such as /faces/* . > users can access any contents in WEB-INF directory. > try following in your faces website : > http://localhost/mywebsite/faces/WEB-INF/web.xml > http://localhost/mywebsite/faces/WEB-INF/lib/ -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
