As you can see, the jsp only contains a line of code <%= new java.util.Date() %>. I haven't set the content type in the jsp and it can be run at http://company.com/examples/test.jsp. However source code exposure at http://company.com//examples/test.jsp. I wonder why the "/" will cause source code exposure. Is it a bug or configuration missing of tomcat? Anyone can help to stop source code exposure.
Thanks, unplug jerome moliere wrote: > > unplug wrote: > > >HI all, > > > > I am using Fedora Core 1 with tomcat 4.1.29, apache 2.0.48 and > >mod_jk2. I have created a simple jsp (code listed below) and put it > >under $CATALINA_HOME/webapps/examples. > > > >code: > >file name: test.jsp > ><%= new java.util.Date() %> > > > > It can be accessed in the browser using the following link > >http://company.com/examples/test.jsp > > > > However, its source code will be exposed when I type the following. > >http://company.com//examples/test.jsp > > > > How can I configure it to prevent such exposure? Anyone can give me > >an advise. > > > > > I guess taht your JSP doesn't specify the content for the response so the browser doesn't layout the HTML but show the code source instead... > So try to fix the content type in your response to text/html > HTH > Jerome --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
