Template files should be placed under WEB-INF
---------------------------------------------
Key: JSPWIKI-43
URL: https://issues.apache.org/jira/browse/JSPWIKI-43
Project: JSPWiki
Issue Type: Improvement
Components: Default template, Security
Reporter: Janne Jalkanen
Priority: Minor
Fix For: 3.0
template JSPs and other JSPs not intended for direct access should be placed
under WEB-INF. This accomplishes two things
a) it stops annoying bots from accessing these pages directly (causing
WikiContext may not be NULL messages in the logs)
b) it gives less vectors to potential harmful attacks.
However, this change is probably best done in 3.0 timeframe together with the
move to Stripes. Many things might break.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
