Anthony Smith wrote: >I am not really sure if this is a jetspeed question or not but I really need >an answer to this or I am screwed. I have some files (jpgs, html, jsp) that >I want to put permissions on. I know how I could do it for a jsp page, but >what about an image file? I dont want the user to be able to type in the >path and then be able to acess it like that. And if it there is no work >around for it at least have the ability to check permissions in a session or >somewhere before they allow them to go to the actual file. I cannot use a db >to ref the files for this one. > Security of non-jetspeed objects (static content) can only be dealt with using Web container security, i.e. HTTP authentication. See the Apache/tomcat (or whatever servlet engine you are using) documentation for how to protect HTTP resources with authentication.
You could try tricks like allowing only requests that include a certain Referer: Header, but these are trivial to break and will not work. > >Please Help > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
