I thought the digest generator is meant to make a different digest for each file, but it seems to be for the whole app?, or is that nnnnnnnn bit something to do with app versioning for caching and what not and not the digest?. This whole thread has some ideas for a white list approach to files on the classpath, but I thought by now tapestry would have something out of the box rather than a custom solution for it... I'm having a look into the resourceDigestGenerator, but at the moment it isn't the highest thing on my list.
Geoff Callender-2 wrote: > > Ouch, now I get it. WEB-INF and all its contents are in fact visible, > directly below yourapp/assets/ctx/nnnnnnnnnnnnnnnn/, and it's not hard > to find out the value of nnnnnnnnnnnnnnnn. > > Suggestions anyone? > -- View this message in context: http://www.nabble.com/-T5--Security-of-files-in-the-classpath-tp11816097p24981387.html Sent from the Tapestry - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
