[
https://issues.apache.org/jira/browse/TAP5-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799602#action_12799602
]
Robert Zeigler commented on TAP5-703:
-------------------------------------
This should actually be marked as fixed now... the current set of contributions
to the regexauthorizer ensure that .tml resource files in the context are
inaccessible.
> Improvement where to save tml files
> -----------------------------------
>
> Key: TAP5-703
> URL: https://issues.apache.org/jira/browse/TAP5-703
> Project: Tapestry 5
> Issue Type: Improvement
> Components: tapestry-core
> Affects Versions: 5.1.0.5, 5.0.18
> Reporter: Tam Du
> Assignee: Howard M. Lewis Ship
> Attachments: mvncmsModule.java
>
>
> I request this feature for purpose of the security of website. Currently, I
> found that users can download tml files by putting ".tml" at the end of URL.
> Users can do like that because .tml files are put in the webroot folder of
> the project. To prevent download, I have 2 solutions for this case:
> Solution 1: .tml files can be saved anywhere in project, and Tapestry
> will support the configuration to determine where to save these files.
> Solution 2: Save tml file in the WEB_INF folder of project.
> I hope that next version of Tapestry will have this option.
> Thank you very much.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
