tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Haledor wow <>
Subject Security of WEB-INF content
Date Fri, 29 Oct 2010 11:30:10 GMT

I have read in various forums that there are situations where the content of
WEB-INF can be accessed. Some people say that it is good practice to hide
sensitive files in WEB-INF and some say it might not be...

I am using Tomcat 6.0 and I am worried someone could access some of my
sensitive files located inside the WEB-INF folder. Could you explain to me
whether this is possible or not. Do i need to obfuscate the content of the
files in WEB-INF?

With best regards,
Peter Hallbeck

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message