tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deacon Marcus" <deacon_mar...@wwtech.pl>
Subject RE: javascript access protection.
Date Sat, 03 Nov 2001 20:07:56 GMT
Hi,

> -----Original Message-----
> From: Thierry RAIBAUT [mailto:thierry.raibaut@libertysurf.fr]
> Sent: Saturday, November 03, 2001 12:08 PM
> To: tomcat-user@jakarta.apache.org
> Subject: javascript access protection.
>
>
> Hello,
>
> could somebody explain me how is it possible to protect some
> ressources from direct access.
>
> I think about a javascript directory.
> This directory has to be accessed by some JSP pages, but I do not
> want the user to access this directory
> directly with the browser by setting the javascript file url.
>
> I move my javascript directory under web-inf but by doing this,
> js files are no longer available even for jsp pages.
>
> thanks a lot for your help.
>
> Thierry
>

There's no "real" protection since the files in question would end up in
browser's cache, no matter disk or memory, anyway.
Try setting a filter on the directory containing the .js files and checking
for "referer" http header. It's not a real solution, you could still telnet
:80 and write GET /dir/file.js2 HTTP/1.1 [enter] Referer:
http://server/file.jsp [enter] [enter] and get the file, but it's the best
you can do. Filters are 2.3 of course.

Greetings, deacon Marcus


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message