In OACS 5.0 I have a /resources directory in the page root (ie not in a package) with several files and sub-directories. This works well and I guess it bypasses session ids and permission checks.
Howerver if I go to http://sitename/resources or http://sitename/resources/subdir, the directory get served as if it was a file and I get a page that has a garbled but readable list of files in the directory including some files that used to be there but were deleted.
I haven't tried a /resources directory under a package so I don't know if something similar happens there. I guess if the answer isn't "Don't do that", I should have posted this as a bug.
