>From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] >Subject: RE: WEB-INF > >> I want to understand why it is a good practice to place >> them in WEB-INF > >To avoid uncontrolled access to your code. For example, if the >resources were in a client-accessible area, the resource would have to >protect itself against ill-formatted or antagonistic input; if the >resource is only accessible to trusted callers (e.g., filters or >servlets), the burden of validation can be on the visible component, and >the logic in the non-visible resource can be simpler. > > - Chuck >
I could only come up with "page navigation out of order" as a reason to restrict direct access. You said it better. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
