When I brought up this issue with one of the authors of Orion I was
recommended to set the servlet-webdir attribute of orion-web-app (in
orion-web.xml or global-web-application.xml) to "[NONE]".
Not sure if this actually disables the feature, or if its just
meant to obfuscate the path to something unusable.
It would be preferable if this feature would be disabled by default in
Orion. (The servlet-webdir attribute in global-web-application.xml does
not seem to be used as a default value when auto-deploying, which
requires manual adjustment of this each time.. Orion 1.2.0)
Markus
On Tue, Aug 08, 2000 at 12:46:03PM +0300, Aleksi Kallio wrote:
> In my current setup of Orion it is possible to invoke unmapped servlets by calling
>them with their full packet name (like /servlet/org.comics.FunnyServlet) as long as
>they reside in the classpath.
>
> How to disallow this?
>
>
--
Markus Holmberg | Give me Unix or give me a typewriter.
[EMAIL PROTECTED] | http://www.freebsd.org/
