Regarding w4py.org, I'm not sure what specific security issues you're
referring to with regards to having the whole tree available. As long
as the .py files and other scripts are not executed by the web server,
we'll be fine.
They ARE executed, that's what I'm talking about. For example,
http://w4py.org/Webware/WebKit/Examples/Welcome.py
http://w4py.org/Webware/WebKit/Admin/Main.py
The reason is that the whole Webware tree has been copied to the default
context, so everything is available and executable under Webware.
The new Webware release has default contexts for displaying only the
docs, so it would not be needed to copy the whole tree to the default
context. Another and more efficient variant is letting Apache serve the
docs directly, and not Webware.
-- Chris
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Webware-devel mailing list
Webware-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/webware-devel