hmm, i'd argue it needs to return a 404 error though, so as not to give attackers a way to know which libraries/jars/resources exist...
On Tue, Nov 10, 2009 at 2:52 PM, Ulrich Stärk <[email protected]> wrote: > ust tested it in trunk, works as expected: Trying to access templates and > other stuff, as well as directory listings result in a 403. An integration > test making sure that the protection isn't accidentally removed again would > be nice though. > > Uli > > Am 10.11.2009 11:28 schrieb Massimo Lusetti: >> >> On Mon, Nov 9, 2009 at 6:23 PM, <[email protected]> wrote: >> >>> Author: robertdzeigler >>> Date: Mon Nov 9 17:23:10 2009 >>> New Revision: 834151 >>> >>> URL: http://svn.apache.org/viewvc?rev=834151&view=rev >>> Log: >>> TAP5-815: Asset dispatcher allows any file inside the webapp visible and >>> downloadable (5.2 branch) >> >> Looking for testing this one soon but thanks for the work! Especially >> for (back)porting to the other two dev branch. >> >> Cheers > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Andreas Andreou - [email protected] - http://blog.andyhot.gr Tapestry / Tacos developer Open Source / JEE Consulting --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
