tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Einfeldt" <ralph.einfe...@uptime-isc.de>
Subject AW: javascript access protection
Date Mon, 05 Nov 2001 14:15:55 GMT

You have following choices:
- Suppress the access to the javascript files if the referrer
  is empty. Implement a filter in tc 4.0)
  Disadvantage: You won't win much, because anybody who is 
  interested in the file can get it with ie ('save page as')
- security by obscurity
  scramble the javascript, so that it's hard
  to read. (At least requires some work for
  the spy)
  Disadvantage: You won't win much either, but have 
  additional work.

> -----Urspr√ľngliche Nachricht-----
> Von: Thierry RAIBAUT [mailto:thierry.raibaut@libertysurf.fr]
> Gesendet: Montag, 5. November 2001 14:49
> An: tomcat-user@jakarta.apache.org
> Betreff: javascript access protection
> 
> 
> Hello,
> 
> could somebody explain me how is it possible to protect some 
> ressources from direct access.
> 
> I think about a javascript directory.
> This directory has to be accessed by some JSP pages, but I do 
> not want the user to access this directory
> directly with the browser by setting the javascript file url.
> 
> I move my javascript directory under web-inf but by doing 
> this, js files are no longer available even for jsp pages.
> 
> thanks a lot for your help.
> 
> Thierry
> 
>  
> 

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message