[GeoNetwork-devel] Bug: Security hole in Jeeves [SEC=UNCLASSIFIED]

Folks,

I’d hate to sound alarmist but is anybody besides me bothered by the fact that:

http://localhost:8080/geonetwork/xml/user-profiles.xml

actually provides the file?

Surely this should be in WEB-INF so that it can’t be served as content?

Regards,

Stephen
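A defender-side check for the class of problem Stephen describes: files that live outside `WEB-INF` in an exploded webapp are served by the container as plain content. This added example (not GeoNetwork or Jeeves code) walks a webapp tree and lists configuration-type files that are reachable that way; the sample layout it builds is constructed for illustration.

```python
"""Audit an exploded Java webapp for configuration files that sit outside
WEB-INF and would therefore be served by the container as static content.
Added example, not GeoNetwork/Jeeves code; the directory layout built in
make_sample_webapp() is constructed for illustration."""
import tempfile
from pathlib import Path

# Directories a servlet container never serves directly.
PROTECTED_DIRS = {"WEB-INF", "META-INF"}
# File types that usually carry configuration or account data.
CONFIG_SUFFIXES = {".xml", ".properties", ".xsl"}


def exposed_config_files(webapp_root):
    """Return webapp-relative POSIX paths (sorted) of config-like files that
    are reachable as web content, i.e. not under WEB-INF or META-INF."""
    root = Path(webapp_root)
    exposed = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in CONFIG_SUFFIXES:
            continue
        rel = path.relative_to(root)
        # The first path component decides whether the container serves it.
        if rel.parts[0] in PROTECTED_DIRS:
            continue
        exposed.append(rel.as_posix())
    return sorted(exposed)


def make_sample_webapp():
    """Build a constructed webapp tree mirroring the report: user-profiles.xml
    under xml/ (served) and configuration under WEB-INF (not served)."""
    base = Path(tempfile.mkdtemp(prefix="webapp-"))
    files = {
        "xml/user-profiles.xml": "<profiles/>",
        "xml/schemas/gmd.xsd": "<schema/>",
        "WEB-INF/config.xml": "<config/>",
        "WEB-INF/web.xml": "<web-app/>",
        "images/logo.png": "",
    }
    for rel, body in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return str(base)


if __name__ == "__main__":
    for rel in exposed_config_files(make_sample_webapp()):
        print("served as content:", rel)  # flags xml/user-profiles.xml
```

Run it against a real deployment's exploded webapp directory to get the list of files to move under `WEB-INF` (and then fix the code paths that load them).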

Hi Stephen,

Yes :-)

Doesn't seem hard to fix though - looks like two small changes in Jeeves and one hard coded path in gast. I've done that and will test it for a while locally before committing it to the BlueNet MEST sandbox with other stuff.

Cheers and thanks,
Simon

Stephen.Davies@anonymised.com wrote:

Folks,

I’d hate to sound alarmist but is anybody besides me bothered by the fact that:

http://localhost:8080/geonetwork/xml/user-profiles.xml

actually provides the file?

Surely this should be in WEB-INF so that it can’t be served as content?

Regards,

Stephen


_______________________________________________
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net