My two cents: First of all make a filter on your webserver which limits access to those resources You could store the html text as CLOB in your database. That would add a barriere between the user and the html If that is not secure enough: the big databases support encrypted store of LOB's
Hugo ----- Original Message ----- From: "Eric Cho" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 25, 2004 5:58 PM Subject: Secure static files? > Hi all, > > Here's the background to my question. > > A web application sitting on WebSphere 4.x (soon to be Websphere 5.x). > On the web application we have many links to various documents (pdfs, docs, > xls....etc) and static html files. > But there is a requirement to secure many, if not all, these static > documents/pages. > > How would we go about doing that? > > I realize, we could change the html files to jsp and add our security code > but the problem is these html files are generated by a third party tool and > the content is often changed. Upon every change, it generates a whole new > set of html files. Where upon we will have to go back and change them to > jsps and add the security code. This would be very time consuming. > > Even so, if we could do this, how would we secure the pdfs, docs and etc? > Ideally what we'd like to see happen is, if a user was to have a URL and > path to a file, they would be thrown to a login page if they weren't first > authenticated. > > So if any of you have ideas from both the application and/or server side, > it'd be much appreciated. > > Thank you, > > Eric Cho > Web Solutions > Celero Solutions > [EMAIL PROTECTED] > www.celero.ca > > > > =========================================================================== > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". > > Some relevant archives, FAQs and Forums on JSPs can be found at: > > http://java.sun.com/products/jsp > http://archives.java.sun.com/jsp-interest.html > http://forums.java.sun.com > http://www.jspinsider.com > =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant archives, FAQs and Forums on JSPs can be found at: http://java.sun.com/products/jsp http://archives.java.sun.com/jsp-interest.html http://forums.java.sun.com http://www.jspinsider.com
