Due to the fact that all of the files for Maximo Self Service application are served from one directory (maximo_installation) by the integrated Tomcat server, the files not recognized by Tomcat as needing to be run (*.jsps or mapped servlets) are not protected. Therefore, if one was to call upon a known Maximo file name (such as MXServer.properties, they would receive the file just like a request for download from any other web server. This means that everything under the maximo_install directory are semi-open to the public. This includes stored passwords and database locations in these files.
Due to the fact that all of the files for Maximo Self Service application are served from one directory (maximo_installation) by the integrated Tomcat server, the files not recognized by Tomcat as needing to be run (*.jsps or mapped servlets) are not protected. Therefore, if one was to call upon a known Maximo file name (such as MXServer.properties, they would receive the file just like a request for download from any other web server. This means that everything under the maximo_install directory are semi-open to the public. This includes stored passwords and database locations in these files.
[ reply ]