MRO Maximo v4 & v5

[Felix <felix.shnir () bms com>]

Due to the fact that all of the files for Maximo Self Service application are served from one directory 
(maximo_installation) by the integrated Tomcat server, the files not recognized by Tomcat as needing to be run (*.jsps 
or mapped servlets) are not protected.  Therefore, if one was to call upon a known Maximo file name (such as 
MXServer.properties, they would receive the file just like a request for download from any other web server.  This 
means that everything under the maximo_install directory are semi-open to the public.  This includes stored passwords 
and database locations in these files.