Jim Barrows wrote:

Any of the security manager related files. I don't know what they are off the top of my head. That's what it sounds like to me anyway, since Tomcat does not normally exclude WEB-INF, it's something outside tomcat.

I would expect that there would be some sort of explicit exclusion affecting "WEB-INF" and that this should appear somewhere in the Tomcat configuration files. So far, I've been unable to find any references to "WEB-INF" that involves anything security related. This was the result of examining all files found doing a brute-force search of files in the file system.



-- Chuck Chopp

ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com

RTFM Consulting Services Inc.     864 801 2795 voice & voicemail
103 Autumn Hill Road              864 801 2774 fax
Greer, SC  29651

Do not send me unsolicited commercial email.


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]



Reply via email to