Re: [c1] Cocoon / Tomcat / XSL Files

Tue, 25 Sep 2001 12:09:38 -0700 

On Tue, 25 Sep 2001, Sergio Carvalho wrote:

>
> If you are using apache on the frontend, you can use mod_rewrite to forbid any
> ^.*xsl$ request. See the URL rewriting guide:
>  http://httpd.apache.org/docs/misc/rewriteguide.html

As Cocoon2 is controlling its hole URI space in the sitemap you can
easily verify if *.xsl files will be accessable through Cocoon by taking
a look into the sitemaps matcher elements.

Giacomo

>
> On Tue, 25 Sep 2001 13:53:09 -0400, Brent L Johnson wrote:
> From: "Brent L Johnson" <[EMAIL PROTECTED]>
> --
>
> > I'm not sure this is really the best mailing list to direct this to - but
> > since it is directly related to Cocoon I'll try anyways.
> >
> > I'm using ESQL in many different documents for reading info out of a
> > database.  The problem is, the database username and passwords are stored in
> > cleartext in the XSL document, and someone could simply read the HTML source
> > and pick out the namespaces and read the XSL documents (thus getting access
> > to not only the code used to create most of the dynamic pages, but DB
> > usernames and passwords).
> >
> > Does anyone know if I can restrict access to .xsl files using Apache +
> > Tomcat + Cocoon1 ??
> >
> > Thanks,
> >
> > - Brent
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
> >
> > To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> > For additional commands, e-mail: <[EMAIL PROTECTED]>
> >
>
>
> --
> Sergio Carvalho
> ---------------
> [EMAIL PROTECTED]
>
> If at first you don't succeed, skydiving is not for you
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
>
>
>
>


---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>

Reply via email to