[Dspace-general] Security Setting in Tomcat Server

[Kevin Weekes]

There appears to be a security issue with the default tomcat installation
whereby web users can browse the directory contents if a default web file
has not been specified for a folder

The configuration file in the Tomcat installation
/$CATALINA_HOME/conf/web.xml
near line 50

has a tag for listing that by default is set to true.
The lines of commented out documentation  which start just before explain
the setting more fully.