Hi, I have occasionally discovered that the 'admin' app reveals its jsp folders' contents without any password. And allows reading jspf sources afterwards... Is it intended? ;)
And maybe a more general question - is it sound to have the default servlet 'listings' defaulting to 'true'? Perhaps it might be more safe to explicitly allow browsing where necessary? Regards, Serge --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]