struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Apache Struts Wiki] Updated: StrutsCatalogHidingPagesUnderWEBINF
Date Tue, 08 Jun 2004 23:43:50 GMT
   Date: 2004-06-08T16:43:50
   Editor: <>
   Wiki: Apache Struts Wiki
   Page: StrutsCatalogHidingPagesUnderWEBINF

   no comment

Change Log:

@@ -14,3 +14,7 @@
 The real value of this pattern is to protect your application from improper usage. If, for
some reason, someone knows the direct address of your JSP pages, s/he could use it to access
your pages without going thru an action first. Hiding your pages under WEB-INF guarantees
that this won't happen.
 -- MarcusBrito
+I personally prefer to use filter for hiding pages. I set filter to return 404 on every request
for *.jsp page. I can also change filter to allow for example only index.jsp to pass, but
all other pages to be unavailable. This is IMHO better than relying on container implementation.
+-- IvanRekovic

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message