struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Micael Padraig Og mac Grene <caraun...@harbornet.com>
Subject RE: Inside WEB-INF or outside WEB-INF? Struts security.
Date Fri, 19 Apr 2002 16:31:33 GMT
Thank you for the response, but it is not responsive to the question I 
asked, I think.  My question was:

         Most sample apps have the jsp pages and
         images outside the WEB-INF. Why? Isn't
         it more secure inside?

So, where the servlets are ultimately put is not the question, Mark.  The 
question is why do most sample applications put the jsp pages outside the 
WEB-INF file, even in Tomcat?  That works with Tomcat too.  You can put 
them in either place, but if you do it outside you use relative urls and if 
you put them inside you use the controller framework.  My question is why 
in the world would someone use struts and then put them outside the WEB-INF 
file?

Thanks.

Micael


At 05:31 AM 4/19/02 -0400, you wrote:
>All web containers MUST support files inside WEB-INF by specification.  As
>for JSP files, some containers, like Tomcat, considers them controller
>component Java classes (servlets) and places them in the WEB-INF/class
>directory by default.  Others, like JRun, consider JSPs view components
>(they are, if used "correctly") and place them in a "jsp" directory outside
>WEB-INF.
>
>The point is, JSPs should never have executable Java scriplets in them.
>Programmatic functionality should consist solely of tags, which hide the
>implementation inside WEB-INF.
>
>Mark
>
>-----Original Message-----
>From: Victor Hadianto [mailto:victorh@nuix.com.au]
>Sent: Friday, April 19, 2002 3:18 AM
>
>On Fri, 19 Apr 2002 08:20, you wrote:
> > Most sample apps have the jsp pages and images outside the
> > WEB-INF.  Why?  Isn't it more secure inside?
>
>Not all web container supports files inside the WEB-INF. Tomcat does.
>
>--
>To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message