-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Philip,
Philip Wigg wrote: |> I strongly advise against doing this. Unless you know *exactly* what you are |> doing it is far too easy to open a whole can of security worms, the most |> regularly seen of which is source code disclosure of all of the JSPs on the |> site. | | Even if I have:- | | JkMount /*.jsp my-worker | JkMount /*.do my-worker | JkMount /my/servlet* my-worker A request to /WEB-INF/web.xml can yield a great deal of interesting information about your web app. Even better, request /META-INF/context.xml and you can probably see the password used to access your database. :( - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkg2zi8ACgkQ9CaO5/Lv0PAbCwCgwzLkCZG0CY370ASbiBa+EJK6 R6AAn1f0Un3lQWd4CTtFk18d3emJ8/Nm =7w6n -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
