> From: Tim Lucia [mailto:[EMAIL PROTECTED] > If you ask for /path/to/some.JSP, you will see the source > code of the jsp, > since the jsp compiler is mapped to *.jsp (and not *.JSP).
Presumably [I haven't tested this] detection of accesses to WEB-INF and META-INF will also fail, exposing the webapp's configuration files to scrutiny. These can include database connection details, passwords, and similar, even if those are not present in the JSPs. - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]