tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat Security
Date Sat, 28 Oct 2006 12:35:42 GMT
Maurice Yarrow wrote:
> The short answer is: if URL's are filtered first, then the actual location
> DefaultServlet will need to use is not visible in any of the html.
> Only for the authenticated serves will  getPathInfo() be appropriately
> adjusted and then passed to DefaultServlet.


> Silly question for Maurice: why are you trying to protect your images?
> Do you want to stop people from ripping them off from your site?
> It's not my call, but the customer's.

You still didn't answer the question: what is the goal, here? Do you
want to "prevent" linking to your images from other pages? Prevent
people requesting the images directly? How about "nobody gets an image
unless they are authenticated?"


View raw message