[Geoserver-devel] [jira] Created: (GEOS-1785) Data dir included in the .war distribution is wide open for the world to see...

Data dir included in the .war distribution is wide open for the world to see...
-------------------------------------------------------------------------------

                 Key: GEOS-1785
                 URL: http://jira.codehaus.org/browse/GEOS-1785
             Project: GeoServer
          Issue Type: Bug
          Components: Google Earth KML Output
    Affects Versions: 1.6.1, 1.6.0
            Reporter: Andrea Aime
            Assignee: Andrea Aime
            Priority: Blocker
             Fix For: 1.6.2

Basically everyone can see the contents of the data dir besides the services and catalog files that are explicitly hidden.
I'd say we reverse the situation, can we put the data dir into WEB-INF so that it's not visible at all unless we explicitly publish something with the file publisher?
Alternatively, it can stay there, we register the file hider to catch and hide everything into that dir. The file publisher is using paths other than data anyways, no?
(e.g. http://host:port/geoserver/www or http://host:port/geoserver/styles).

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira