I've just discovered that a number of files within our webapp context are reachable from outside. Not all of them, but a number that really shouldn't be.

By its nature, the webapp itself has its own access control, based on the outside resource it accesses, rather than on, say, tomcat-users.xml

What controls browser access to static files in a Tomcat context? Where can I learn more about this, and how to restrict it?


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to