You can mark them as protected resources that require a CRC query
parameter to access.
You are right, .tml files should be protected in this way, as should
hibernate XML files.
On Mon, Jul 20, 2009 at 6:13 PM, Daniel Jones<d...@murieston.com> wrote:
>
> Hello,
>
> OK, so here is my problem.
>
> In my page template:
> ${asset:context:assets/images/layout/add.png}
>
> Tapestry generated URL to asset.
>
> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/assets/images/layout/add.png
>
> If I point my browser at:
>
> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/
>
> I get a directory listing including my .tml files, I can download these in
> their raw form. If I point my browser at http://127.0.0.1:8080/assets/ I
> get a directory listing again, this time even more worrying as it contains
> my hibernate.cfg.xml which can be downloaded exposing the database username
> and password.
>
> How do I fix this. I used the maven archetype to build the project so the
> layout looks normal when compared with
> http://tapestry.apache.org/tapestry5/guide/project-layout.html
>
> What am I doing wrong?
>
> Any help is much appreciated.
>
> Regards,
> Daniel
> --
> View this message in context:
> http://www.nabble.com/T5---Configuration-and-.tml-Files-are-Exposed-By-Tapestry.-tp24580195p24580195.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
--
Howard M. Lewis Ship
Creator of Apache Tapestry
Director of Open Source Technology at Formos
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
