Julian: Thanks for sharing your solution to this problem.  It seems like a
good workaround.

Ulrich:  It is good to know that the directory listing has been addressed. 
Hopefully this security hole will be fixed in the next release.

Daniel


Ulrich Stärk wrote:
> 
> There is no directory listing with 5.2-SNAPSHOT but I'm still able to 
> access the templates and stuff on the classpath.
> 
> Uli
> 
> On 21.07.2009 03:13, Daniel Jones wrote:
>> Hello,
>>
>> OK, so here is my problem.
>>
>> In my page template:
>> ${asset:context:assets/images/layout/add.png} 
>>
>> Tapestry generated URL to asset.
>>
>> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/assets/images/layout/add.png
>>
>> If I point my browser at:
>>
>> http://127.0.0.1:8080/assets/ctx/c69b95ec1fef872d/
>>
>> I get a directory listing including my .tml files, I can download these in
>> their raw form.  If I point my browser at http://127.0.0.1:8080/assets/ I
>> get a directory listing again, this time even more worrying as it contains
>> my hibernate.cfg.xml which can be downloaded exposing the database username
>> and password.
>>
>> How do I fix this?  I used the maven archetype to build the project so the
>> layout looks normal when compared with
>> http://tapestry.apache.org/tapestry5/guide/project-layout.html
>>
>> What am I doing wrong?
>>
>> Any help is much appreciated.
>>
>> Regards,
>> Daniel
>>   
> 
