Security Bug in Grails GWT Plugin #53
Comments
|
This folder is created by the GWT compiler because usually it assumes to work in the web-app root, so the WEB-INF stuff will be put in the correct folder, thus disabling access to the files. Anyway, I think the WEB-INF folder created by GWT only contains some "deploy" files that can be quite big and usually do nothing more than bloating up the WAR file. Usually I put some code in the _Event.groovy file that is executed before the WAR file is created and delete this extra WEB-INF folder. So I'm not sure if this folder can be "disabled" via GWT compiler parameters. Otherwise the output folder for the GWT resources would have to be reconfigured, which would also change the links under which they are available. Cheers, |
|
@daviddawson What do you think on this issue? |
|
@daviddawson Could you please comment on this? |
I found a security bug in this plugin. The output ouf this plugin is compiled to the grails projects
folder. The gwt folder contains the following folders:
The WEB-INF folder should not be accessible from a browser. It turns out it is. You can access files which are inside this folder.
This should be fixed.
The text was updated successfully, but these errors were encountered: