On Wed, Mar 24, 2010 at 3:08 PM, Ernesto Reinaldo Barreiro
<reier...@gmail.com> wrote:
> Haven't had time to check the specification but this behavior (mounting on
> "/") might pose a security risk as you can fetch "invisible" things form the
> class path (e.g. configuration files containing sensitive information like
> passwords). On the other hand I see HttpService class has a
> registerResources method you could use to register static resources. Maybe
> that is the one you need?
I'm using Whiteboard to register the application, so I don't have
access to the HttpService, I have discovered that Pax implementation
of whiteboard [0] can also publish resources, so I can use that to
control where I publish the static content. Anyway I'd still have the
security risk if I register the application in "/".

[0] - Pax Whiteboard Extender -

To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to