I've just discovered that a number of files within our webapp context
are reachable from outside. Not all of them, but a number that really
shouldn't be.
By its nature, the webapp itself has its own access control, based on
the outside resource it accesses, rather than on, say, tomcat-users.xml
What controls browser access to static files in a Tomcat context? Where
can I learn more about this, and how to restrict it?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
