Thiago, I do want to make sure i disallow directory listings.
agree there is potential for bottleneck so I have changed to:
public boolean service(Request request, Response response,
RequestHandler handler) throws IOException
{
String path = request.getPath();
String co
On Thu, 25 Nov 2010 18:24:39 -0200, Paul Stanton
wrote:
Yes tested and it works.
Yay! :)
I figured since I'm only executing the logic for things that start with
/asset/ctx/ the overhead shouldn't be noticeable, however on second
thought maybe this isn't a good idea?
There's a possibi
Yes tested and it works.
I create the real file so I can disallow all directory listings.
I could do this by testing for the (non)existence of a file extension,
however that isn't technically cross-platform etc...
so i create the file to test whether it's a directory, and disallow if
it is.
On Thu, 25 Nov 2010 00:03:03 -0200, Paul Stanton
wrote:
Thanks Thiago,
Hi!
AFAIK you don't need to check for the real file. Just checking the URL is
enough.
Besides this, I think it is ok. Have you tested it already?
--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5
Thanks Thiago,
I have added the following to my AppModule.
public RequestFilter buildAccessFilter(final Context context)
{
return new RequestFilter()
{
@Override
public boolean service(Request request, Response response,
RequestHandler handler) th
On Wed, 24 Nov 2010 22:13:03 -0200, Paul Stanton
wrote:
I've just noticed in one of my apps (T5.1.0.5) is allowing not only
directory listing via the "assets" servlet (i know it's not a servlet as
such) including access to directory listing and files within WEB-INF.
You can even download
