users@glassfish.java.net

Disable directory listings on SJSAS 8.2

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <glassfish_at_javadesktop.org>
Date: Fri, 27 Aug 2010 12:16:35 PDT

On SJSAS 8.2 we just discovered a vulnerability in that WEB-INF directories can be listed when browsing directly to the folder structure of our application.

Is there any sort of robots.txt or htaccess file that is editable on the application server to restrict this?
[Message sent by forum member 'jvermast']

http://forums.java.net/jive/thread.jspa?messageID=481182

This message: [ Message body ]
Next message: glassfish_at_javadesktop.org: "Re: Disable directory listings on SJSAS 8.2"
Previous message: glassfish_at_javadesktop.org: "Re: Creating User to login into Admin Console"
Next in thread: glassfish_at_javadesktop.org: "Re: Disable directory listings on SJSAS 8.2"
Reply: glassfish_at_javadesktop.org: "Re: Disable directory listings on SJSAS 8.2"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]