[ http://issues.apache.org/jira/browse/TAPESTRY-843?page=comments#action_12363591 ]
Derick Fernando commented on TAPESTRY-843: ------------------------------------------ Can't this be done simply removing the "/app" or similar servlet mapping in web.xml and making sure that your servlet container is not mapping servlets to "servlet/*" for that context. > Friendly URL documentation concerning security and ugly URLs > ------------------------------------------------------------ > > Key: TAPESTRY-843 > URL: http://issues.apache.org/jira/browse/TAPESTRY-843 > Project: Tapestry > Type: Bug > Components: Documentation > Versions: 4.0 > Environment: All > Reporter: Brian K. Wallace > Attachments: Patch for Friendly URL security concern.patch > > The friendly URL documentation implies that enabling of friendly URLs is a > way to enable security for Tapestry generated URLs. While this part of the > documentation is correct, it implies that the 'ugly' URLs are no longer > accessible - thereby enabling security for Tapestry sites. This is not > correct and should be documented (at the very least). > Ideally, there should be a method in the framework itself that would disable > access to the original URLs if the friently URL contribution is made. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
