I keep trying to find the time to come up with a simple, unified approach to assets, library mappings, and asset protection. Maybe on my flight out to London :-)
In terms of a solution: simpler API, assume that most resources are available unless explicitly told not to (i.e., .class and hibernate properties files, etc.). Key things: some kind of check to prevent directory listings, and properly enforce the extra MD5 checksum for protected resources (.class file, etc.). On Thu, Apr 8, 2010 at 1:20 PM, Robert Zeigler <[email protected]> wrote: > What's the status on the next 5.1 release? I've been out of the loop for the > last six months; I know I contributed the assetpathdispatcher stuff, which > most people seemed to agree with (in terms of the idea), until it was > actually in, and then there was a huge amount of pushback. I'm amenable to > pulling out the AssetProtectionDispatcher and putting in a "proper" fix (ie > something directly in AssetDispatcher), but was this issue already resolved? > > Robert > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Howard M. Lewis Ship Creator of Apache Tapestry The source for Tapestry training, mentoring and support. Contact me to learn how I can get you up and productive in Tapestry fast! (971) 678-5210 http://howardlewisship.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
