Security in web.xml

Hi, I wonder if it is safe to put information like database username and password in the web.xml file?
[122 byte] By [nibr40] at [2007-9-19]
# 1
Hi, it is, as far as not being public for on-line viewing. But this does not stop someone from logging onto that machine and taking a peek. That's the way I understand it. best, kev
kwilding2 at 2007-7-5 > top of java,Enterprise & Remote Computing,Web Tier APIs...
# 2

nibr40, as kev already pointed out, it is not bulletproof but at least a container should never serve your web.xml to clients. A quote from the Java Servlet Specification (Version 2.3, Web Applications, SRV.9.5 Directory Structure):

'A special directory exists within the application hierarchy named WEB-INF. This directory contains all things related to the application that aren't in the document root of the application. The WEB-INF node is not part of the public document tree of the application. No file contained in the WEB-INF directory may be served directly to a client by the container. However, the contents of the WEB-INF directory are visible to servlet code using the getResource and getResourceAsStream method calls on the ServletContext.'

Of course, a bug in your container implementation could make it possible. Well, nothing is really safe today...

HTH, Markus

Howlingmad at 2007-7-5
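An audit sketch for the two points raised in this thread (credentials stored in web.xml, and local accounts being able to read the file), added here as an example and not posted by any participant. The sample descriptor, its parameter names and the name-matching heuristic are constructed assumptions.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread): credentials kept as context-params.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <context-param>
    <param-name>dbUser</param-name>
    <param-value>appuser</param-value>
  </context-param>
  <context-param>
    <param-name>dbPassword</param-name>
    <param-value>example-only</param-value>
  </context-param>
  <servlet>
    <servlet-name>main</servlet-name>
    <servlet-class>example.MainServlet</servlet-class>
    <init-param>
      <param-name>pageSize</param-name>
      <param-value>20</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Assumed heuristic for parameter names that suggest stored credentials.
CREDENTIAL_NAME = re.compile(r"pass(word|wd)?|secret|user(name)?|credential", re.I)

def local(tag):
    """Strip the XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def credential_params(xml_text):
    """Return names of context-param/init-param/env-entry entries that look like credentials."""
    hits = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) in ("context-param", "init-param", "env-entry"):
            for child in elem:
                if local(child.tag) in ("param-name", "env-entry-name"):
                    name = (child.text or "").strip()
                    if CREDENTIAL_NAME.search(name):
                        hits.append(name)
    return hits

def readable_by_others(path):
    """True if the file mode lets group or other local accounts read the descriptor."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))
```

Run `credential_params` on the text of a deployed WEB-INF/web.xml and `readable_by_others` on its path; a hit from both means any local account on the host can read those values even though the container never serves the file.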