Hi, > -----Original Message----- > From: Thierry RAIBAUT [mailto:[EMAIL PROTECTED]] > Sent: Saturday, November 03, 2001 12:08 PM > To: [EMAIL PROTECTED] > Subject: javascript access protection. > > > Hello, > > could somebody explain me how is it possible to protect some > ressources from direct access. > > I think about a javascript directory. > This directory has to be accessed by some JSP pages, but I do not > want the user to access this directory > directly with the browser by setting the javascript file url. > > I move my javascript directory under web-inf but by doing this, > js files are no longer available even for jsp pages. > > thanks a lot for your help. > > Thierry >
There's no "real" protection since the files in question would end up in browser's cache, no matter disk or memory, anyway. Try setting a filter on the directory containing the .js files and checking for "referer" http header. It's not a real solution, you could still telnet :80 and write GET /dir/file.js2 HTTP/1.1 [enter] Referer: http://server/file.jsp [enter] [enter] and get the file, but it's the best you can do. Filters are 2.3 of course. Greetings, deacon Marcus -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
