I have seen several recommendation to increase web application security by disabling directory browsing (for example pg 388 in IBM WebSphere Deployment and Advanced Configuration by Barcia, Hines, et al). However, none of these references provides a pointer to the configuration descriptor to accomplish this. Can anybody help on this?
Directory browsing is disabled by setting directoryBrowsingEnabled="false" in ibm-web-ext.xmi (IBM specific extensions of web.xml).
If you are using RAD6, WSAD, or the application assembly tool, setting the extensions is not a problem. If you don't have these tools, it is best to get a copy of ibm-web-ext.xmi from another application and modify it.
扫一扫
5838
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
