cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Piroumian Konstantin <KPiroum...@protek.com>
Subject RE: [RT] Cocoon Blocks
Date Fri, 05 Jul 2002 07:36:27 GMT
> From: J.Pietschmann [mailto:j3322ptm@yahoo.de] 
> Piroumian Konstantin wrote:
> > If your sitemap is somewhere in WEB-INF then having 
> sitemap.xml would be
> > obvious, but if you have sitemap in the same directory 
> where your content
> > files are located then one could view your sitemap by simply typing
> > 'sitemap.xml' in request path. To prevent this you would 
> have to setup a
> > special pipeline in your sitemap or use resource 
> constraints in web.xml.
> 
> Does using "sitemap.xmap" prevent illegal access?

Since you do not provide a pipeline for anything that matches "sitemap.xmap"
then your sitemap won't be exposed, isn't it? But if you have a pipeline
with a matcher "*.xml" then having "sitemap.xml" in the same directory will
allow to view your sitemap file. I'd not like to show my production sitemaps
to users.

Konstantin

> 
> J.Pietschmann
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message