struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Lowe <mark.l...@talk21.com>
Subject Re: struts-blank.war basedir
Date Fri, 11 Jul 2003 11:14:07 GMT
Andy

I think that putting your jsp's in /WEB-INF is considered better 
nowadays cos nobody can make a direct request for it.. This means all 
requests are mediated by actions and thus there's no exposure to the 
underlying file structure.. I remember that there were a lot o debates 
on this, but I believe that this approach is considered, and probably 
is, more secure..

cheers mark

On Friday, July 11, 2003, at 12:06 PM, Andy Pahne wrote:

>
> hi,
>
> when I had a look into struts-blank.war (Struts 1.1) I found that the
> ${basedir} in the supplied build file is set to /WEB_INF/. I would have
> set it to the directory below WEB-INF, so that index.jsp or the pages
> folder also is part of the project.
>
> Maybe I am wrong, but I simply cannot understand this at the moment.
> Anybody can tell me, why /WEB-INF was choosen?
>
> andy pahne


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message