Hi, Just don't put configuration resources there. Here's what I use (since I wrote it up heheh):
http://wiki.apache.org/tapestry/Tapestry5WhereToStoreConfigurationResources http://wiki.apache.org/tapestry/Tapestry5WhereToStoreExternalResources On 7/26/07, Thiago H de Paula Figueiredo <[EMAIL PROTECTED]> wrote:
Hi! I'm developing a Tapestry 5 application and I was looking at access to assets via URLs. I typed http://localhost:8080/assets/tapestry/default.css to take a look at T5 default CSS values. Then I typed http://localhost:8080/assets/hibernate.cfg.xml . . . and it showed that file. It's a security flaw. Is there any measure already implemented against this kind of attack? It would be very nice if we could block asset access to files and folders through some Tapestry-IoC contribution. ;) Thiago --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
