Hi I'm concerned that a couple of the replies look exploitative and will not be giving out the web address. But I'm genuinely seeking an answer, as I was able to open the web.xml file under the WEB-INF dir and read confidential parameters.
I have been blithely telling clients that the big advantage of Java servlets is that they're much better and more secure than Asps, an uphill task in this MS world. Like Gin Chen, I was always thought this area was protected, a strong point in servlets usage. I'm so concerned that I'm now planning to go back over my own non-intranet servlet work to see if any of mine are similarly 'open access'. I deal with small businesses who have various webserver setups, outside my control. So how can this happen, that the web.xml can be read. Cheers, Lucy ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
