incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Jaquith (JIRA)" <>
Subject [jira] Closed: (JSPWIKI-43) Template files should be placed under WEB-INF
Date Wed, 31 Dec 2008 17:15:44 GMT


Andrew Jaquith closed JSPWIKI-43.

    Resolution: Duplicate

See the other bug for more discussion...

> Template files should be placed under WEB-INF
> ---------------------------------------------
>                 Key: JSPWIKI-43
>                 URL:
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Authentication&Authorization, Default template
>            Reporter: Janne Jalkanen
>            Priority: Minor
>             Fix For: 3.0
> template JSPs and other JSPs not intended for direct access should be placed under WEB-INF.
 This accomplishes two things
> a) it stops annoying bots from accessing these pages directly (causing WikiContext may
not be NULL messages in the logs)
> b) it gives less vectors to potential harmful attacks.
> However, this change is probably best done in 3.0 timeframe together with the move to
Stripes.  Many things might break.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message