On Wed, 26 Aug 2009 04:12:29 -0300, Onno Scheffers <o...@piraya.nl> wrote:

> @Thiago
> How about allowing absolutely nothing from the classpath/WEB-INF initially?
> Directory listing should also be disabled.

I agree. My suggestion to TAP-815 was:

"I would suggest to have a chain of command, each object in it receiving the requested URL and responding true (ok), false (file is forbidden) or null (this object doesn't handle this URL, ask the same thing to the next object). This chain of command terminator would be a very restrictive one."

--
Thiago H. de Paula Figueiredo
Independent Java consultant, developer, and instructor
http://www.arsmachina.com.br/thiago
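
The chain described in the message above, sketched in Java as an added example (not part of the original message and not Tapestry code). The rule names, the `/assets/public/` prefix and the extension list are assumptions chosen for illustration.

```java
import java.util.List;
import java.util.Locale;

public class AssetAccessChain {
    /** Returns TRUE (ok), FALSE (forbidden) or null (not handled, ask the next rule). */
    interface Rule { Boolean check(String path); }

    // Deny rules. Paths and extensions below are assumptions for illustration.
    static final Rule NO_TRAVERSAL = p ->
        (p.contains("..") || p.contains("\\") || p.contains("%")) ? Boolean.FALSE : null;
    static final Rule NO_DIRECTORY_LISTING = p -> p.endsWith("/") ? Boolean.FALSE : null;
    static final Rule NO_PROTECTED_DIRS = p -> {
        String lower = p.toLowerCase(Locale.ROOT);
        return (lower.contains("/web-inf/") || lower.contains("/meta-inf/")) ? Boolean.FALSE : null;
    };
    // The only allow rule: static files under one explicitly published prefix.
    static final Rule PUBLIC_STATIC = p ->
        (p.startsWith("/assets/public/") && p.matches(".*\\.(css|js|png)")) ? Boolean.TRUE : null;
    // Terminator: handles every URL and forbids it.
    static final Rule DENY_ALL = p -> Boolean.FALSE;

    static final List<Rule> CHAIN = List.of(
        NO_TRAVERSAL, NO_DIRECTORY_LISTING, NO_PROTECTED_DIRS, PUBLIC_STATIC, DENY_ALL);

    static boolean isAllowed(String path) {
        for (Rule rule : CHAIN) {
            Boolean verdict = rule.check(path);
            if (verdict != null) return verdict;   // first rule with an opinion wins
        }
        return false;   // fail closed even if the terminator is left out of the chain
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        String[] samples = {
            "/assets/public/site.css",
            "/assets/public/",
            "/assets/public/../WEB-INF/web.xml",
            "/WEB-INF/web.xml",
            "/assets/com/example/Secret.class",
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "FORBID ") + s);
        }
    }
}
```

The deny rules sit ahead of the single allow rule, so a request that matches both is refused.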
