Yes, nothing to hide here. :) But you are right, I have to change the way this demo produces partial html files to AngularJS. In a real project those files have to be served by Apache.

2014-06-09 10:42 GMT+02:00 Lance Java <lance.j...@googlemail.com>:

> Oops. It's private... Please ignore ;)
> On 9 Jun 2014 09:31, "Lance Java" <lance.j...@googlemail.com> wrote:
>
> > FYI - This app seems to have a security hole. Index.java has an action
> > which accepts a file path and serves a file from the classpath.
> >
> > I could use this to access .class files etc. Perhaps even your hibernate
> > cfg file with username password.
> >
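
An added example, not part of the thread and not code from the demo app: one way to constrain an action that serves classpath files by a client-supplied path, so that only HTML partials under a single folder can be returned. The class name `PartialResolver`, the `partials/` prefix and the sample requests are assumptions made for illustration.

```java
import java.io.InputStream;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added example: resolves client-requested partials from one classpath folder only. */
public final class PartialResolver {
    // Assumption: partial templates live under this classpath prefix (hypothetical name).
    private static final String BASE = "partials/";

    // Segments of letters, digits, '_' or '-', separated by '/', ending in ".html".
    // A dot is allowed only in the extension, so "..", ".class" and ".cfg.xml" never match.
    private static final Pattern SAFE =
            Pattern.compile("[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\\.html");

    /** Returns the classpath resource name to serve, or empty if the request is refused. */
    public static Optional<String> resolve(String requested) {
        if (requested == null || requested.length() > 200) {
            return Optional.empty();
        }
        // matches() tests the whole string, so no prefix or suffix can be smuggled in.
        if (!SAFE.matcher(requested).matches()) {
            return Optional.empty();
        }
        return Optional.of(BASE + requested);
    }

    /** Opens the resource, or returns null when it is refused or does not exist. */
    public static InputStream open(String requested) {
        return resolve(requested)
                .map(name -> PartialResolver.class.getClassLoader().getResourceAsStream(name))
                .orElse(null);
    }

    public static void main(String[] args) {
        // Constructed sample requests: the first is legitimate, the rest must be refused.
        String[] samples = {
            "user/list.html",
            "../hibernate.cfg.xml",
            "com/example/pages/Index.class",
            "user/..%2f..%2fhibernate.cfg.xml",
            "user\\list.html"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + resolve(s).orElse("REFUSED"));
        }
    }
}
```

The check is an allowlist on the shape of the name rather than a blocklist of bad sequences, so encoded or platform-specific separators are refused without being decoded first.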