Can someone crack into server.xml?

[Daniel Hinojosa]

Given that a firewall blocks everything except port 8080 (Tomcat) and 80 
(Apache). Can someone crack in to view the server.xml.  This assumes 
that the cracker already know that it is Tomcat running (perhaps by 
noticing .jsp).

-- 
Daniel Hinojosa
Java  XML Consultant | Developer | Instructor

P.O. Box 4675
Albuquerque, NM 87196-4675
Telephone: (505)363-5832 
Fax: (775)261-6331






--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Can someone crack into server.xml?

[Phillip Morelock]

In theory at least, no, nobody can view your files.

Tomcat protects its config files and anything under WEB-INF .

Does this mean it's 100% impossible?  Certainly not.  On the internet,
nothing is impossible.

Mostly, don't make some stupid configuration mistake (like mapping your
TOMCAT/conf directory into apache or something) that is akin to the cgi
problems of days of yore.

fillup


On 5/29/02 9:32 AM, Daniel Hinojosa [EMAIL PROTECTED] wrote:

 Given that a firewall blocks everything except port 8080 (Tomcat) and 80
 (Apache). Can someone crack in to view the server.xml.  This assumes
 that the cracker already know that it is Tomcat running (perhaps by
 noticing .jsp).


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]