struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@struts.apache.org
Subject [Apache Struts Wiki] Updated: StrutsCatalogHidingPagesUnderWEBINF
Date Tue, 08 Jun 2004 23:43:50 GMT
   Date: 2004-06-08T16:43:50
   Editor: 213.137.125.226 <>
   Wiki: Apache Struts Wiki
   Page: StrutsCatalogHidingPagesUnderWEBINF
   URL: http://wiki.apache.org/struts/StrutsCatalogHidingPagesUnderWEBINF

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -14,3 +14,7 @@
 The real value of this pattern is to protect your application from improper usage. If, for
some reason, someone knows the direct address of your JSP pages, s/he could use it to access
your pages without going thru an action first. Hiding your pages under WEB-INF guarantees
that this won't happen.
 
 -- MarcusBrito
+----
+I personally prefer to use filter for hiding pages. I set filter to return 404 on every request
for *.jsp page. I can also change filter to allow for example only index.jsp to pass, but
all other pages to be unavailable. This is IMHO better than relying on container implementation.
+
+-- IvanRekovic

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message