> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Terry, > > On 4/9/2010 12:14 PM, Terry Horner wrote: > > The problem seems to occur if there are any restricted resources > > within a page - it doesn't seems too outlandish for someone to > > restrict access to their images folder (say, it has client logos in > > it and they are required to be a bit paranoid about their client > > list). > If you have a restricted images folder, why are you trying to serve > images out of it onto a non-restricted page? > > I have a workaround that will work for some people in this situation > > - require all logons to go through index.jsp (or whatever) and have > > this be a page that just shows a 'loading...' animated image (or > > whatever) - but this doesn't work if you want to be able to bookmark > > pages within your site. > If you bookmark a restricted page, you don't even see it until after > successful authentication, so there's no problem there. > > The problem is with including restricted content in an unrestricted > page. I agree that your webapp shouldn't be suffering the kind of fate > it is currently is, but you'd save yourself a lot of trouble by not > doing something which seems so illogical. > > - -chris
That would be illogical, but it's not what I'm doing - in our system (and in the hypothetical example) the restricted images are inside a restricted page. The bookmarks are to a restricted page, any unrestricted pages on our system only hold unrestricted resources. _______________________________________ The information contained in this message is confidential and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Dancerace network. Dancerace plc will not be liable for direct, special, indirect or consequential damages arising from the alteration of the contents of this message by a third party or as a result of any virus being passed on. Dancerace plc reserve the right to monitor and record e-mail messages sent to and from this address for the purpose of investigating or detecting any unauthorised use of its system and ensuring its effective operation. _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/
****** Message from InterScan VirusWall 6 ****** ** No virus found in attached file noname.htm InterScan VirusWall 6 has scanned this message and found it to be free of known viruses. ***************** End of message ***************
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
