> From: R. S. Patil [mailto:kpr.rspa...@gmail.com] > Subject: Security Query. > > In some discussion i heard that the WEB-INF contents can not be > accessed from Internet at all.
The servlet spec requires that the servlet container (Tomcat) prevent direct access to WEB-INF. > How far this is true ? Completely, as far as Tomcat is concerned. If you have an alternative means of accessing the host (e.g., httpd, SMB, NFS) and you have not configured such alternatives correctly, there may be other ways of reaching the files. Tomcat obviously cannot protect you from mistakes made in other components. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
