Thanks Chuk,

>> In some discussion I heard that the WEB-INF contents can not be
>> accessed from Internet at all.
>
> The servlet spec requires that the servlet container (Tomcat) prevent direct
> access to WEB-INF.
>
>> How far this is true?
>
> Completely, as far as Tomcat is concerned. If you have an alternative means
> of accessing the host (e.g., httpd, SMB, NFS) and you have not configured
> such alternatives correctly, there may be other ways of reaching the files.
> Tomcat obviously cannot protect you from mistakes made in other components.
>
So what I have understood is that if only Tomcat is installed on the webserver, i.e. no Samba, NFS, FTP, Apache web server etc., then even hackers cannot access the WEB-INF folder, so I can keep the JDBC database connection info in that folder as a plain text file. The only accessible part of the application will be the context root, i.e. the folder above the WEB-INF folder.

BTW, can you suggest some good book/study material on Tomcat for a newbie?

Thanks once again and regards.

RAJA
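
The caveat in the quoted reply, that a component other than Tomcat may reach the same files, can be checked on the host itself. The script below is an added example, not part of the original thread or of Tomcat: it assumes a hypothetical `static_root` directory that a front-end web server or file share exposes, lists every file under a WEB-INF directory inside it, and notes whether each file is world-readable. The directory layout and file names are constructed for the demonstration.

```python
import os
import stat
import tempfile


def exposed_web_inf_files(static_root):
    """List files under any WEB-INF directory inside static_root.

    static_root is a directory that something other than Tomcat serves
    (an httpd DocumentRoot, an SMB/NFS export). Returns a sorted list of
    (relative_path, world_readable) tuples.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(static_root):
        rel_dir = os.path.relpath(dirpath, static_root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        # Compare case-insensitively: some filesystems and servers ignore case.
        if not any(part.lower() == "web-inf" for part in parts):
            continue
        for name in filenames:
            full = os.path.join(dirpath, name)
            world_readable = bool(os.stat(full).st_mode & stat.S_IROTH)
            findings.append(("/".join(parts + [name]), world_readable))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed layout: one webapp plus a separate static dir."""
    files = {
        "webapps/shop/index.jsp": 0o644,
        "webapps/shop/WEB-INF/web.xml": 0o644,
        "webapps/shop/WEB-INF/db.properties": 0o600,  # constructed credentials file
        "static/logo.png": 0o644,
    }
    for rel, mode in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        # Hypothetical misconfiguration: the front end serves Tomcat's webapps dir.
        for root in ("webapps", "static"):
            print(root, exposed_web_inf_files(os.path.join(base, root)))
```

An empty result for every directory served outside Tomcat means the container's WEB-INF protection is the only path to those files; any entry is a file the other component can hand out directly.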