Security hole in Metacat for data file.
In metacat, data files are put into the data directory in the same directory
as the servlet context. So one can do a directory listing of all of the data
that metacat is storing.we need to move that directory somewhere not web
#1 Updated by Jing Tao about 18 years ago
In build.xml, metacat administrator can specify a absolute path for storing
data file. The property name is datafilepath. During the installation, Metacat
can automaticlly create this directory.
Here is the testing:
Using morpho, new data file can be create in data file directroy. The the data
file can be access by read and export.
The data file can be force and delt T replication too.
An old data file was move to the new data directory. The file can be read and