On Thu, 26 Jul 2007 18:18:42 -0300, Chris Lewis
<[EMAIL PROTECTED]> wrote:
I think hat's a legitimate problem. I know in T4 a checksum was
generated by links to assets and then verified by tapestry before
yielding the actual asset (by verifying the sum). However the fact that
you can use the asset service to pull any arbitrary file out of the
classpath, even those that are not declared as assets, seems like a
serious issue. I also would like to know a solution (simply restricting
the service to only declared assets should do, but how?).
I think there is a simple solution: create a configuration point
(contribution in Tapestry IoC) to the AssertService (I just guessed the
name) so you can tell it which files can't be accessed as an asset.
JIRA anyone?
Thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
