tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Deacon Marcus" <>
Subject RE: javascript access protection.
Date Sat, 03 Nov 2001 20:07:56 GMT

> -----Original Message-----
> From: Thierry RAIBAUT []
> Sent: Saturday, November 03, 2001 12:08 PM
> To:
> Subject: javascript access protection.
> Hello,
> could somebody explain me how is it possible to protect some
> ressources from direct access.
> I think about a javascript directory.
> This directory has to be accessed by some JSP pages, but I do not
> want the user to access this directory
> directly with the browser by setting the javascript file url.
> I move my javascript directory under web-inf but by doing this,
> js files are no longer available even for jsp pages.
> thanks a lot for your help.
> Thierry

There's no "real" protection since the files in question would end up in
browser's cache, no matter disk or memory, anyway.
Try setting a filter on the directory containing the .js files and checking
for "referer" http header. It's not a real solution, you could still telnet
:80 and write GET /dir/file.js2 HTTP/1.1 [enter] Referer:
http://server/file.jsp [enter] [enter] and get the file, but it's the best
you can do. Filters are 2.3 of course.

Greetings, deacon Marcus

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>

View raw message