> From: Tim Lucia [mailto:[EMAIL PROTECTED]
> If you ask for /path/to/some.JSP, you will see the source code of the jsp,
> since the jsp compiler is mapped to *.jsp (and not *.JSP).
Presumably [I haven't tested this] detection of accesses to WEB-INF and
META-INF will also fail, exposing the webapp's configuration files to
scrutiny. These can include database connection details, passwords, and
similar, even if those are not present in the JSPs.
- Peter
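
The case-matching problem discussed in this thread, as an added sketch that is not part of either message and is not Tomcat's code. It models exact-case checks beside a case-folding guard; the class, enum and method names and the sample paths are hypothetical, and it assumes a case-insensitive filesystem and a path that is already URL-decoded and normalized.

```java
import java.util.Locale;

// Illustrative model only: names and sample paths are constructed for this example.
public class CaseMappingDemo {
    enum Route { JSP_COMPILER, STATIC_FILE, DENIED }

    // Exact-case checks: "*.jsp" and the protected directory names are compared as written.
    static Route naive(String path) {
        if (path.startsWith("/WEB-INF/") || path.startsWith("/META-INF/")) {
            return Route.DENIED;
        }
        if (path.endsWith(".jsp")) {
            return Route.JSP_COMPILER;
        }
        // Falls through to the static-file handler; on a case-insensitive
        // filesystem "some.JSP" opens the same file as "some.jsp".
        return Route.STATIC_FILE;
    }

    // Guard that compares on a case-folded copy and refuses case variants.
    static Route hardened(String path) {
        String folded = path.toLowerCase(Locale.ROOT);
        if (folded.equals("/web-inf") || folded.startsWith("/web-inf/")
                || folded.equals("/meta-inf") || folded.startsWith("/meta-inf/")) {
            return Route.DENIED;
        }
        if (folded.endsWith(".jsp")) {
            // Only the exact mapped extension reaches the compiler;
            // .JSP, .Jsp and so on are never served as static text.
            return path.endsWith(".jsp") ? Route.JSP_COMPILER : Route.DENIED;
        }
        return Route.STATIC_FILE;
    }

    public static void main(String[] args) {
        String[] samples = {            // constructed sample request paths
            "/path/to/some.jsp", "/path/to/some.JSP",
            "/WEB-INF/web.xml", "/web-inf/web.xml", "/Meta-Inf/context.xml",
            "/images/logo.png"
        };
        for (String p : samples) {
            System.out.printf("%-24s naive=%-13s hardened=%s%n", p, naive(p), hardened(p));
        }
    }
}
```

In a real webapp the same folding check belongs in a servlet filter or front-end rule that runs before any file is read.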