Jim Barrows wrote:
Any of the security manager related files. I don't know what they are off the top of my head. That's what it sounds like to me anyway, since Tomcat does not normally exclude WEB-INF, it's something outside tomcat.
I would expect that there would be some sort of explicit exclusion affecting "WEB-INF" and that this should appear somewhere in the Tomcat configuration files. So far, I've been unable to find any references to "WEB-INF" that involves anything security related. This was the result of examining all files found doing a brute-force search of files in the file system.
-- Chuck Chopp
ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com
RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651
Do not send me unsolicited commercial email.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]