tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Gainty" <mgai...@hotmail.com>
Subject Re: Philamasophical question META-INF
Date Fri, 27 Oct 2000 14:47:19 GMT
Honourable Barrister--

Is/Are there any <presumably default> configuration option<s> which Tomcat
uses to specifically protect
META-INF from client access?

Martin--
----- Original Message -----
From: "Caldarale, Charles R" <Chuck.Caldarale@unisys.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Friday, October 26, 2007 10:28 AM
Subject: RE: Philamasophical question META-INF


> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Philamasophical question META-INF
>
> Storing stuff in WEB-INF should be just fine -- I would stick
> to WEB-INF instead of META-INF.

According to the Servlet spec, both WEB-INF (SRV.9.5) and META-INF
(SRV.9.6) must be protected by the container from being directly served
to clients.  (Based on the wording in the spec, a lawyer could argue
that META-INF is only protected when the app is packaged in a .war file,
if you want to be nit-picky.)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message