users@glassfish.java.net

Disable directory listings on SJSAS 8.2

From: <glassfish_at_javadesktop.org>
Date: Fri, 27 Aug 2010 12:16:35 PDT

On SJSAS 8.2 we just discovered a vulnerability in that WEB-INF directories can be listed when browsing directly to the folder structure of our application.

Is there any sort of robots.txt or htaccess file that is editable on the application server to restrict this?
[Message sent by forum member 'jvermast']

http://forums.java.net/jive/thread.jspa?messageID=481182