Ok, thanks - I see that now. By accessing INDEX.CFM for instance, one gets access to the source as a text file...
I'll add a short note about that to the wiki. /H. -- Hugo Ahlenius fraxinus (at-sign) oxel.net http://www.oxel.net From: [email protected] [mailto:[email protected]] On Behalf Of Adam Haskell Sent: Monday, June 01, 2009 20:31 To: [email protected] Subject: Re: tomcat - symlinks on windows http://tomcat.apache.org/tomcat-5.5-doc/config/context.html >From that page describing allowLinking: If the value of this flag is true, symlinks will be allowed inside the web application, pointing to resources outside the web application base path. If not specified, the default value of the flag is false. NOTE: This flag MUST NOT be set to true on the Windows platform (or any other OS which does not have a case sensitive filesystem), as it will disable case sensitivity checks, allowing JSP source code disclosure, among other security problems. Hope that helps :) Adam On Mon, Jun 1, 2009 at 4:22 AM, Hugo Ahlenius <[email protected]> wrote: Jordan, I saw that you, on the wiki, added a warning that one shouldn't allow symlinks on Windows hosts, in tomcat - do you have any links for that? I did a quick googling, and didn't find anything immediately obvious... Thanks, Hugo -- Hugo Ahlenius fraxinus (at-sign) oxel.net http://www.oxel.net --~--~---------~--~----~------------~-------~--~----~ Open BlueDragon Public Mailing List http://groups.google.com/group/openbd?hl=en official site @ http://www.openbluedragon.org/ !! save a network - trim replies before posting !! -~----------~----~----~----~------~----~------~--~---
