You have following choices:
- Suppress the access to the javascript files if the referrer
is empty. Implement a filter in tc 4.0)
Disadvantage: You won't win much, because anybody who is
interested in the file can get it with ie ('save page as')
- security by obscurity
scramble the javascript, so that it's hard
to read. (At least requires some work for
the spy)
Disadvantage: You won't win much either, but have
additional work.
> -----Ursprüngliche Nachricht-----
> Von: Thierry RAIBAUT [mailto:thierry.raibaut@libertysurf.fr]
> Gesendet: Montag, 5. November 2001 14:49
> An: tomcat-user@jakarta.apache.org
> Betreff: javascript access protection
>
>
> Hello,
>
> could somebody explain me how is it possible to protect some
> ressources from direct access.
>
> I think about a javascript directory.
> This directory has to be accessed by some JSP pages, but I do
> not want the user to access this directory
> directly with the browser by setting the javascript file url.
>
> I move my javascript directory under web-inf but by doing
> this, js files are no longer available even for jsp pages.
>
> thanks a lot for your help.
>
> Thierry
>
>
>
--
To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|