On 08/06/2012 13:46, Robert Munteanu wrote: > Hi, > > I've recently been made aware that all resources under /apps are readable by > everyone. This includes JSP scripts and I presume bundles deployed under the > install folder. > > What is the recommended way of securing access to such resources?
hi Robert, normally I work with CQ and in that case there's the Dispatcher (apache module) that takes care about it. Let's say that without knowing sling too much, if I'd have to do it I would manage it a 2 levels. First one with ACL in jackrabbit. Giving the read access only behind authentication. Second using the apache rewrite rules a would rewrite all /apps and /libs to a 404. HTH Davide
