Securing XSP Files

[Brent Johnson <bl...@gmail.com>]

I'm looking for some suggestions on how I can secure a set of XSP
files.  I'm working on a web based configuration GUI for my WebGate
application.  As of right now, when you initially go to the interface
it checks a config.xml file for a certain XML tag - in this case
<configured/>.. if this is set to "false" it redirects the browser to
a configuration screen.

Once the data is entered I set that value to "true" and the user never
sees the config screens again.  The problem is this.. if someone was
to just post the correct request parameters to Cocoon the XSP would
execute and change the files without looking for this configured tag.

Any suggestions on how I can make all these files inaccessible after
the configuration is completeted?  There a way I can read this
config.xml file in the XSP so that I can do a test as to whether its
going to modify the files or not?

Thanks,

- Brent

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org