On 8/18/06, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > Do we need to be that restrictive? > > > > No, and we shouldn't be due to the customizable configuration of ASSP. > > > Also, I've just discovered that we need .db files in there. Currently you > > can't look at your > > pb/.db files through the interface. > > > > Good point. I missed that as well. > > > Remind me what we're trying to do here? > > Too much apparently. :-) Although, if possible, I think it would be > safer to restrict access to specific file types. We just need an > accurate list. >
Frankly I think it would be fine to just limit ASSP to it's own directory and sub-folders. Hard coding a list of files would just be restrictive and a pain to update and maintain unless we took away the option to set the file names to whatever you wanted. Then we could control what files can and can not be accessed by ASSP. But i don't like that either since it would have to be maintained for new features etc. Just my 2cents Kevin ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
