-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Philip,
Philip Wigg wrote:
|> I strongly advise against doing this. Unless you know *exactly* what
you are
|> doing it is far too easy to open a whole can of security worms, the most
|> regularly seen of which is source code disclosure of all of the
> I strongly advise against doing this. Unless you know *exactly* what you are
> doing it is far too easy to open a whole can of security worms, the most
> regularly seen of which is source code disclosure of all of the JSPs on the
> site.
Even if I have:-
JkMount /*.jsp my-worker
JkMount /*.do m
Christopher Schultz wrote:
Philip,
Philip Wigg wrote:
| are there any reasons why Apache and Tomcat cannot share the same web
| root folder, presuming that I exclude access to WEB-INF?
Nope, you should be good.
I would also restrict access to META-INF, and if you have any files that
should not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Philip,
Philip Wigg wrote:
| are there any reasons why Apache and Tomcat cannot share the same web
| root folder, presuming that I exclude access to WEB-INF?
Nope, you should be good.
I would also restrict access to META-INF, and if you have any fi
