Hi, I have read in various forums that there are situations where the content of WEB-INF can be accessed. Some people say that it is good practice to hide sensitive files in WEB-INF and some say it might not be...
I am using Tomcat 6.0 and I am worried someone could access some of my sensitive files located inside the WEB-INF folder. Could you explain to me whether this is possible or not. Do i need to obfuscate the content of the files in WEB-INF? With best regards, Peter Hallbeck