Steve Kirk wrote:
Have you considered that you can remove much of the dynamic config from conf\web.xml so that there is no default servlet or other dynamic behaviour in any webapp unless you explictly configure it so in the webapp's own web.xml?
Right, but say an evil user creates a WEB-INF/web.xml in their VHost with whatever they want?
best, -Rob --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
