Data dir included in the .war distribution is wide open for the world to see...
-------------------------------------------------------------------------------
Key: GEOS-1785
URL: http://jira.codehaus.org/browse/GEOS-1785
Project: GeoServer
Issue Type: Bug
Components: Google Earth KML Output
Affects Versions: 1.6.1, 1.6.0
Reporter: Andrea Aime
Assignee: Andrea Aime
Priority: Blocker
Fix For: 1.6.2
Basically everyone can see the contents of the data dir besides the services and catalog files that are explicitly hidden.
I'd say we reverse the situation: can we put the data dir into WEB-INF so that it's not visible at all unless we explicitly publish something with the file publisher?
Alternatively, it can stay there and we register the file hider to catch and hide everything in that dir. The file publisher is using paths other than data anyway, no (e.g. http://host:port/geoserver/www or http://host:port/geoserver/styles)?
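
An added example, not part of the original report and not GeoServer code: a small model of the two policies discussed above, hiding only named files versus hiding everything under the data dir. The file names, the /data URL prefix and the request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed names: the report only says "services and catalog files".
HIDDEN_FILES = {"/data/services.xml", "/data/catalog.xml"}
DATA_PREFIX = "/data"  # assumed URL path of the data dir inside the webapp

# Constructed request paths, relative to the webapp context root.
SAMPLE_REQUESTS = [
    "/data/services.xml",
    "/DATA/catalog.xml",
    "/data/%63atalog.xml",
    "/data/layers/roads/info.xml",
    "/data/./db/../db/connection.properties",
    "/www/index.html",
    "/styles/line.sld",
]


def normalize(path):
    """Reduce a request path to the form that is matched against the policy."""
    path = path.split("?", 1)[0]
    # Drop per-segment path parameters (";name=value"), then percent-decode once.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = unquote(path)
    # Collapse "//", "." and ".." so dot segments cannot step around the prefix.
    # Lower-casing is a conservative choice for case-insensitive filesystems.
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def hide_named_files(path):
    """Reported behaviour: only explicitly listed files are hidden."""
    return normalize(path) not in HIDDEN_FILES


def hide_whole_data_dir(path):
    """Proposed behaviour: nothing under the data dir is served directly."""
    p = normalize(path)
    return not (p == DATA_PREFIX or p.startswith(DATA_PREFIX + "/"))


def served(paths, policy):
    """Return the request paths the given policy would let through."""
    return [p for p in paths if policy(p)]


if __name__ == "__main__":
    for policy in (hide_named_files, hide_whole_data_dir):
        print(policy.__name__, "->", served(SAMPLE_REQUESTS, policy))
```

With the named-file policy every other file in the data dir is still served; with the whole-directory policy only the /www and /styles paths remain reachable.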