> From: Maurice Yarrow [mailto:[EMAIL PROTECTED] 
> Subject: Re: Tomcat Security
> 
> What I currently do is serve the static content from elsewhere,
> outside the tomcat/webapps tree.

Let's back up here for a moment.  How are you delivering these
controlled images and text to the client?  Are they, for example, simply
<img> references in a generated HTML page?  If so, then the browser is
constructing HTTP GET requests for them, and anything the browser
constructs the user could type in on the address line.  You still end up
having to map the request to some resource location on the server, and I
don't see any way to prevent the end user from manually entering the
equivalent URL.  You could obfuscate, but not prevent.

 - Chuck
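
Added example, not part of the original message or of Tomcat itself: a GET issued for an <img> tag and one typed on the address line look the same to the server, so a check made on each request in the code that serves the files is what decides who receives them. The servlet name, the /protected/* mapping, the /srv/protected-content directory and the "authorizedUser" session attribute are assumptions, as is the javax.servlet API at Servlet 3.1 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped to /protected/* in web.xml.
public class ProtectedContentServlet extends HttpServlet {
    // Assumed location of the controlled files, outside tomcat/webapps.
    private static final Path ROOT = Paths.get("/srv/protected-content");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // The same check runs whether the GET came from an <img> tag or from
        // a URL typed by hand; the server cannot tell the two apart.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("authorizedUser") == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String name = req.getPathInfo();          // e.g. "/images/chart.png"
        if (name == null || name.length() < 2) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Resolve under ROOT and reject anything that escapes it ("../").
        Path file = ROOT.resolve(name.substring(1)).normalize();
        if (!file.startsWith(ROOT) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String type = getServletContext().getMimeType(file.getFileName().toString());
        resp.setContentType(type != null ? type : "application/octet-stream");
        // Keep shared caches from replaying the response to other users.
        resp.setHeader("Cache-Control", "private, no-store");
        resp.setContentLengthLong(Files.size(file));
        Files.copy(file, resp.getOutputStream());
    }
}
```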

