Christian, you seem to indicate that there's an easy fix for this on the mailing list; however, the last discussion there is from around 2007; the module that Robert is referring to is out of date (e.g. referring to old package names, etc). Any other tips on addressing this ?
I'm completely taken aback by such a gaping security hole in the framework. Considering that this issue has been known since 2007, I'm completely blown away that the framework doesn't provide a solution in T5 (not in T5.1). Cheers, Alex K On Tue, Aug 25, 2009 at 8:44 AM, Christian Riedel <christian-rie...@gmx.net>wrote: > FYI you should (all) be aware of TAP-815*! Your assets** are readable for > everybody! > It is certainly not as critical as in some pages named in this thread*** > but in general it could cause some bad reputation for T5. > > Apart from that I just can say: nice work! ;) > > > *jira ticket: > https://issues.apache.org/jira/browse/TAP5-815 > > **example asset > http://ping-service.appspot.com/assets/META-INF/persistence.xml > > *** > > http://www.nabble.com/-REQUEST--Live-T5-web-sites%2C-quotes%2C-marketting-ts23050433s302.html#a23054798 > > easy workaround: > > http://www.nabble.com/-T5--Security-of-files-in-the-classpath-ts11816097s302.html#a11816097 > > > regards > christian > > > Dmitry Gusev schrieb: > > FYI >> >> Here is the running t5 app: http://ping-service.appspot.com/ >> >> It uses T5.0.18 + Spring 3.0.0M4/JPA + Google >> Datastore/Mail/Cron/URLFetch/Google Accounts Security >> >> Works pretty well. >> >> I had to implement some hacks to develope with t5 on local dev server (t5 >> error page refuse to work properly there by default, but works ok in >> appengine cloud), here is the solution: >> >> >> http://dmitrygusev.blogspot.com/2009/08/turn-java-security-manager-off-in.html >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
