struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Lowe <>
Subject Re: struts-blank.war basedir
Date Fri, 11 Jul 2003 11:14:07 GMT

I think that putting your jsp's in /WEB-INF is considered better 
nowadays cos nobody can make a direct request for it.. This means all 
requests are mediated by actions and thus there's no exposure to the 
underlying file structure.. I remember that there were a lot o debates 
on this, but I believe that this approach is considered, and probably 
is, more secure..

cheers mark

On Friday, July 11, 2003, at 12:06 PM, Andy Pahne wrote:

> hi,
> when I had a look into struts-blank.war (Struts 1.1) I found that the
> ${basedir} in the supplied build file is set to /WEB_INF/. I would have
> set it to the directory below WEB-INF, so that index.jsp or the pages
> folder also is part of the project.
> Maybe I am wrong, but I simply cannot understand this at the moment.
> Anybody can tell me, why /WEB-INF was choosen?
> andy pahne

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message