You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by Tina Tsui <tt...@bellsouth.net> on 2003/08/20 17:16:05 UTC

AssetService Security hole

Hello all,

I've read Mr. Ship's comments in the AssetService class where the 
AssetService can be used to extract class files out the of server.  I 
was going to implement my own AssetService class that only allowed 
access to limited directories, but I thought I would check with the rest 
of you and see if there's a better approach before I start re-inventing 
the wheel.  

Thanks in advance,
Tina