Return-Path: Delivered-To: apmail-xml-cocoon-users-archive@xml.apache.org Received: (qmail 51915 invoked by uid 500); 25 Sep 2001 19:29:38 -0000 Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: cocoon-users@xml.apache.org Delivered-To: mailing list cocoon-users@xml.apache.org Received: (qmail 51897 invoked from network); 25 Sep 2001 19:29:37 -0000 Date: Tue, 25 Sep 2001 21:28:50 +0200 (CEST) From: giacomo X-X-Sender: To: Subject: Re: [c1] Cocoon / Tomcat / XSL Files In-Reply-To: <20010925192246.176f5f7f.sergio.carvalho@acm.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N On Tue, 25 Sep 2001, Sergio Carvalho wrote: > > If you are using apache on the frontend, you can use mod_rewrite to forbid any > ^.*xsl$ request. See the URL rewriting guide: > http://httpd.apache.org/docs/misc/rewriteguide.html As Cocoon2 is controlling its hole URI space in the sitemap you can easily verify if *.xsl files will be accessable through Cocoon by taking a look into the sitemaps matcher elements. Giacomo > > On Tue, 25 Sep 2001 13:53:09 -0400, Brent L Johnson wrote: > From: "Brent L Johnson" > -- > > > I'm not sure this is really the best mailing list to direct this to - but > > since it is directly related to Cocoon I'll try anyways. > > > > I'm using ESQL in many different documents for reading info out of a > > database. The problem is, the database username and passwords are stored in > > cleartext in the XSL document, and someone could simply read the HTML source > > and pick out the namespaces and read the XSL documents (thus getting access > > to not only the code used to create most of the dynamic pages, but DB > > usernames and passwords). > > > > Does anyone know if I can restrict access to .xsl files using Apache + > > Tomcat + Cocoon1 ?? > > > > Thanks, > > > > - Brent > > > > > > --------------------------------------------------------------------- > > Please check that your question has not already been answered in the > > FAQ before posting. > > > > To unsubscribe, e-mail: > > For additional commands, e-mail: > > > > > -- > Sergio Carvalho > --------------- > sergio.carvalho@acm.org > > If at first you don't succeed, skydiving is not for you > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. > > To unsubscribe, e-mail: > For additional commands, e-mail: > > > > --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. To unsubscribe, e-mail: For additional commands, e-mail: