On Tue, 25 Aug 2009 10:25:21 -0300, Onno Scheffers <o...@piraya.nl> wrote:
> Apparently it does, since Christian also provided example links.
> I stand corrected.
> I just checked and I can also publicly access resources like the web.xml
> and hibernate.cfg.xml on a webapp that is already in production using
> Tapestry 5.0.18. This is a *VERY* high priority security issue with
> Tapestry IMO.

Have you ever found some insecure resource URL that doesn't include
WEB-INF in it?
--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago