Re: [FRIDAY] RE: JSP Protection

2004-01-17 Thread Max Cooper
Be careful, or charliesheen.jpg will be looking for you! -Max - Original Message - From: Nail, Evan Burke [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Friday, January 16, 2004 5:19 AM Subject: [FRIDAY] RE: JSP Protection Perhaps I have a different browser

[FRIDAY] RE: JSP Protection

2004-01-16 Thread Nail, Evan Burke
Perhaps I have a different browser, but mine keeps asking for /images/deniserichards.jpg hmmm -Original Message- From: Max Cooper [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 7:20 PM To: Struts Users Mailing List Subject: Re: JSP Protection The images are requested

RE: JSP Protection

2004-01-16 Thread Edgar P Dollin
There is one other way and that is to foward *.jsp in web.xml to a filter which always fails. Edgar -Original Message- From: lixin chu [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 8:24 PM To: Struts Users Mailing List Subject: Re: JSP Protection thanks ! --- Max Cooper

RE: JSP Protection

2004-01-15 Thread Yee, Richard K,,DMDCWEST
Jürgen, Put the JSP under the WEB-INF directory. Once there, it will only be accessible from within your web application. -Richard -Original Message- From: Jürgen Scheffler [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 8:15 AM To: [EMAIL PROTECTED] Subject: JSP Protection

RE: JSP Protection

2004-01-15 Thread Hookom, Jacob
within WEB-INF) Regards, Jacob -Original Message- From: Yee, Richard K,,DMDCWEST [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 10:18 AM To: 'Struts Users Mailing List' Subject: RE: JSP Protection Jürgen, Put the JSP under the WEB-INF directory. Once there, it will only

RE: JSP Protection

2004-01-15 Thread Karr, David
Put all JSP pages that can't be accessed directly into a security constraint, only accessible by the role nobody, which you will never add a user to. All accesses of JSPs will be through forwards from actions, which will not be blocked by that security constraint (unless you either have a

RE: JSP Protection

2004-01-15 Thread lixin chu
I can successfully move all the files into /WEB-INF/subfolder (WEB-INF is protected by default) except the images/ folder. It seems that I have to leave it outside - in the webapp root. I am using Tomcat 5.0.16. Is it a defect or it is like this ? --- Karr, David [EMAIL PROTECTED] wrote: Put all

Re: JSP Protection

2004-01-15 Thread Max Cooper
Message - From: lixin chu [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, January 15, 2004 5:07 PM Subject: RE: JSP Protection I can successfully move all the files into /WEB-INF/subfolder (WEB-INF is protected by default) except the images/ folder. It seems

Re: JSP Protection

2004-01-15 Thread lixin chu
or it won't show up when someone wants to view the page. -Max - Original Message - From: lixin chu [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] Sent: Thursday, January 15, 2004 5:07 PM Subject: RE: JSP Protection I can successfully move all the files