You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Paul Ferraro <pm...@columbia.edu> on 2005/04/15 19:04:23 UTC
Re: ApplicationRuntimeException
To summarize...
Prior to 3.0.3, the Asset service, which is responsible for streaming
private assets from the classpath, only required a single service
parameter: the path to the resource. This was problematic since a rogue
user could manipulate the url to fetch any resource such as your
server's config files where you might store passwords to your database!
In 3.0.3 (and the future 4.0), the Asset service now requires 2 service
parameters: the path to the resource, and a checksum of the resource.
The checksum of the resource is computed at the time the link is
rendered. Checksums are computed via the
ResourceChecksumSource.computeChecksum() method. The default
ResourceChecksumSource implementation computes checksums as an MD5
digest. The ResourceChecksumSource implementation may be customized by
overriding the IEngine.getResourceChecksumSource() method.
Does that answer your questions?
Paul
Dominik Kreutz wrote:
>Hi again,
>
>In the meantime I found the reason for exception: One of the scripts on the
>page includes a javascript-library that inadvertently removed from the class-
>path. Before Tapestry-3.0.3 the page still loaded in such situation leaving
>only the javascript not functioning.
>
>My questions still remain:
>
>What does "valid checksum" mean in this case and what is the computeChecksum-
>method good for?
>
>Best regards,
>
> Dominik Kreutz
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org