|
i've just spent the last 30 minutes trying to
figure out the entries in server.xml (in particular those isWARxxx entries) and
i've looked everywhere (that i could think of) for info (altavista, jakarta
site, faq-o-matic, faq that ships with tomcat, divine inspiration, Ouija board,
...) on how to stop Tomcat from servicing up directory listings. i know
one solution would be to not do this: ApJServMount /myservlets /root, but
instead map it to something more tangible, but i want reasonably transparent
support for JSPs and it's bad enough having to remember to always add /servlet/
to all my servlet invocations (i know, gripe, gripe, gripe).
so my question is - how do i prevent Tomcat from
reading directories and offering ftp-like interfaces to those directories.
looks like a security hole just waiting to happen... and while we're on
the subject, where is the specification (don't tell me server.dtd - i looked
there too) for the entries in server.xml?
thanks! (felt
good to gripe and get that out, even if nobody knows the answers).
:)
|
