You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tapestry.apache.org by "Robert Zeigler (JIRA)" <ji...@apache.org> on 2010/01/13 07:25:54 UTC

[jira] Commented: (TAP5-703) Improvement where to save tml files

    [ https://issues.apache.org/jira/browse/TAP5-703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12799602#action_12799602 ] 

Robert Zeigler commented on TAP5-703:
-------------------------------------

This should actually be marked as fixed now... the current set of contributions to the regexauthorizer ensure that .tml resource files in the context are inaccessible. 

> Improvement where to save tml files
> -----------------------------------
>
>                 Key: TAP5-703
>                 URL: https://issues.apache.org/jira/browse/TAP5-703
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>    Affects Versions: 5.1.0.5, 5.0.18
>            Reporter: Tam Du
>            Assignee: Howard M. Lewis Ship
>         Attachments: mvncmsModule.java
>
>
> I request this feature for purpose of the security of website. Currently, I found that users can download tml files by putting ".tml" at the end of URL. Users can do like that because .tml files are put in the webroot folder of the project. To prevent download, I have 2 solutions for this case:
>      Solution 1:   .tml files can be saved anywhere in project, and Tapestry will support the configuration to determine where to save these files.
>      Solution 2:   Save tml file in the WEB_INF folder of project.
> I hope that next version of Tapestry will have this option.
> Thank you very much.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.