Hi Martijn,
Thanks for sharing, I tried the exact code, here is the problem:
http://example.com/assets/
under tomcat, this still shows everything under WEB-INF, but it works under
jetty, any idea?
martijn.list wrote:
>
> A solution to this problem has been posted multiple times. It has even
A solution to this problem has been posted multiple times. It has even
been posted in this thread but I'll post it again
I use the following code to whitelist some assets. Access to non white
listed assets is denied.
Add to your application module:
private static final String[] ASSET_WHIT
Hi,
I use the code to protect assets, here is the url:
http://example.com/assets
http://example.com/assets/
the first url, following code works, second URL, if it runs in jetty, the
code works, but if it is under tomcat 6, it still lists files under WEB-INF,
any idea? Thanks,
martijn.list
is there a fix for this? the assets got exposed, sometimes a list of
directories, but don't know how re-produce this, just happen one time.
akochnev wrote:
>
> Benny,
>indeed that would be the case for a "traditional" web framework that
> serves web application assets (e.g. stylesheets, ima
Thanks for the detailed info, Alex. There is so much to learn. I hope this
hole gets patched soon.
Benny
On Thu, Sep 10, 2009 at 9:41 AM, Alex Kotchnev wrote:
> Benny,
> indeed that would be the case for a "traditional" web framework that
> serves web application assets (e.g. stylesheets, ima
Benny,
indeed that would be the case for a "traditional" web framework that
serves web application assets (e.g. stylesheets, images, javascript) only
from the publicly available directories (e.g. outside of WEB-INF). However,
because of T5's component nature , if you deployed a component (e.g. a
Pardon me if I am mistaken, but shouldn't .class and .tml files be under
WEB-INF and hence inaccessible automatically?
Benny
On Thu, Sep 10, 2009 at 2:52 AM, martijn.list wrote:
> Angelo Chen wrote:
>
>> how to close access to ".class" and ".tml"?
>>
>>
>
> This has been posted to the list multi
Angelo Chen wrote:
how to close access to ".class" and ".tml"?
This has been posted to the list multiple times so I another time
wouldn't hurt ;)
I use the following code to whitelist some assets. Access to non white
listed assets is denied.
Add to your application module:
private st
how to close access to ".class" and ".tml"?
Sergey Didenko wrote:
>
> BTW, it's worth to remind again everyone who is going to publish their
> site urls, to close the access to ".class" and ".tml" files .
>
> On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti
> wrote:
>> On Tue, Sep 8, 2009 at 5
BTW, it's worth to remind again everyone who is going to publish their
site urls, to close the access to ".class" and ".tml" files .
On Tue, Sep 8, 2009 at 6:46 PM, Massimo Lusetti wrote:
> On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
> Figueiredo wrote:
>
>> Hi!
>>
>> I guess this was alre
On Tue, Sep 8, 2009 at 5:27 PM, Thiago H. de Paula
Figueiredo wrote:
> Hi!
>
> I guess this was already discussed some time ago, but I couldn't find it. :(
> Anyway, it's been a long time, so let's get it started again. ;)
>
> Tapestry is a wonderful framework, but it isn't the best known one arou
11 matches
Mail list logo
