From: Kevin Weekes <kweekes@li...> - 2004-08-03 10:46:42
There appears to be a security issue with the default tomcat installation
whereby web users can browse the directory contents if a default web file
has not been specified for a folder
The configuration file in the Tomcat installation
near line 50
has a tag for listing that by default is set to true.
The lines of commented out documentation which start just before explain
the setting more fully.