You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by de...@struts.apache.org on 2004/06/09 01:43:50 UTC
[Apache Struts Wiki] Updated: StrutsCatalogHidingPagesUnderWEBINF
Date: 2004-06-08T16:43:50
Editor: 213.137.125.226 <>
Wiki: Apache Struts Wiki
Page: StrutsCatalogHidingPagesUnderWEBINF
URL: http://wiki.apache.org/struts/StrutsCatalogHidingPagesUnderWEBINF
no comment
Change Log:
------------------------------------------------------------------------------
@@ -14,3 +14,7 @@
The real value of this pattern is to protect your application from improper usage. If, for some reason, someone knows the direct address of your JSP pages, s/he could use it to access your pages without going thru an action first. Hiding your pages under WEB-INF guarantees that this won't happen.
-- MarcusBrito
+----
+I personally prefer to use filter for hiding pages. I set filter to return 404 on every request for *.jsp page. I can also change filter to allow for example only index.jsp to pass, but all other pages to be unavailable. This is IMHO better than relying on container implementation.
+
+-- IvanRekovic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org