Matt Raible wrote:
You should be able to remove the xfire-servlet mapping from your
web.xml. Of course, to thoroughly remove it, you should remove XFire
JARs from your project (and build files) and see what doesn't compile
(then remove those classes).
Dale Newfield wrote:
OWASP's "Security Analysis of Core J2EE Design Patterns" says I
should turn off the serving of WSDL files:
http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project/EISTier#tab=Web_Service_Broker
Wouldn't that also turn off the web services themselves? I want the
service to still work, but just ignore the requests for wsdl files. Is
that a contradiction?
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net
For additional commands, e-mail: users-h...@appfuse.dev.java.net
