Thanks Juha, > > Yes, context root will be served, as will be other folders under > context root. WEB-INF and its subfolders are safe, from the container > (Tomcat) point-of-view. Note however, that you as web application > developer can break this safety mechanism: a servlet can be > programmed to read a file from within WEB-INF and serve the contents > to the Internet. If such a servlet contains a bug that allows intruder > to freely choose a file, instead of strictly providing one of > predefined files, then it could be that an intruder could read any > file within WEB-INF. >
Well Thanks for valuable tip, I will keep in this mind. > You could store the database access information in a plain-text file, > but then, you could also store them as web-application context > parameters in WEB-INF/web.xml file. Or you could set up a proper > JNDI database resource, but perhaps that's something that can be > left for a bit later on the learning curve. > aha a new area to study, I will try to find out more on JNDI. >> BTW can u suggest some good book/study material on tomcat for a newbie. > > Even though it is not intended as such, I would like to recommend the > Servlet specification available from Sun. That document describes what > you can expect from a servlet container (such as Tomcat). > -- I will read this first to get hang of tomcat, yes its necessary to know how tomcat behaves before I write some web application i.e. some servlets and applets/jsps. Thanks once again Raja --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org