rmbrowngr
Posts: 12
|
| Posted: 03/20/2006, 6:58 AM |
|
I need to hide the XML files of codecharge when published to Tomcat 4.1.31, because anyone can download or view them. This is a serious security problem for commerical applications.
|
 |
 |
peterr
Posts: 5971
|
| Posted: 03/20/2006, 1:02 PM |
|
Shouldn't this be configured on the Web server? I don't use Tomcat, but in most Web servers it's possible to select which file types should be accessible via the Web.
Actually I'm not sure if there is any other way to prevent access to file types since there is no program involved in this - just the Web server.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
miko
Posts: 50
|
| Posted: 03/21/2006, 1:37 AM |
|
'Project Settings' -> 'Server/Scripts' -> 'Template Folder' is used as path to store xml models.
I tru to use 'WEB-INF\models' to store models.
_________________
Regards,
Michael |
|
|
|
WKempees
|
| Posted: 03/21/2006, 2:29 AM |
|
A general remark:
Put an empty index.html in the directory where your templates are stored.
(or one containing some text or a redirect to the main page, or whatever)
From reading your post the main problem is that if you point the browser to
the template directory it will display its content as a directory listing.
Putting an empty file called index.html in will prevent that.
(Not specific to Tomcat, so might differ)
Walter
"rmbrowngr" <rmbrowngr@forum.codecharge> schreef in bericht
news:9441ec333c7abd@news.codecharge.com...
>I need to hide the XML files of codecharge when published to Tomcat 4.1.31,
> because anyone can download or view them. This is a serious security
> problem
> for commerical applications.
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>
|
|
|
|
|
