In theory at least, no, nobody can view your files.
Tomcat protects its config files and anything under WEB-INF .
Does this mean it's 100% impossible? Certainly not. On the internet,
nothing is impossible.
Mostly, don't make some stupid configuration mistake (like mapping your
TOMCAT/conf directory into apache or something) that is akin to the cgi
problems of days of yore.
fillup
On 5/29/02 9:32 AM, Daniel Hinojosa [EMAIL PROTECTED] wrote:
Given that a firewall blocks everything except port 8080 (Tomcat) and 80
(Apache). Can someone crack in to view the server.xml. This assumes
that the cracker already know that it is Tomcat running (perhaps by
noticing .jsp).
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]