You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by de...@struts.apache.org on 2004/06/09 01:43:50 UTC

[Apache Struts Wiki] Updated: StrutsCatalogHidingPagesUnderWEBINF

   Date: 2004-06-08T16:43:50
   Editor: 213.137.125.226 <>
   Wiki: Apache Struts Wiki
   Page: StrutsCatalogHidingPagesUnderWEBINF
   URL: http://wiki.apache.org/struts/StrutsCatalogHidingPagesUnderWEBINF

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -14,3 +14,7 @@
 The real value of this pattern is to protect your application from improper usage. If, for some reason, someone knows the direct address of your JSP pages, s/he could use it to access your pages without going thru an action first. Hiding your pages under WEB-INF guarantees that this won't happen.
 
 -- MarcusBrito
+----
+I personally prefer to use filter for hiding pages. I set filter to return 404 on every request for *.jsp page. I can also change filter to allow for example only index.jsp to pass, but all other pages to be unavailable. This is IMHO better than relying on container implementation.
+
+-- IvanRekovic

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org