tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Tomcat Security
Date Sat, 28 Oct 2006 20:50:08 GMT
> From: Christopher Schultz [mailto:chris@christopherschultz.net] 
> Subject: Re: Tomcat Security
> 
> Since each image could have different authorization settings, 
> you can't just use the servlet container's built-in authorization
> (set up in web.xml). You will have to enforce this yourself.

Not sure that's necessarily true.  If the URI used to request the image
used paths segregated by accessibility, I think most of the access
checks could be handled by the appropriate declarative security
constraints.

> If so, I think your original question was poorly worded. I 
> think we all thought you were asking how to prevent downloading
> of images in general

That was certainly my interpretation.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message