tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Derick Fernando (JIRA)" <tapestry-...@jakarta.apache.org>
Subject [jira] Commented: (TAPESTRY-843) Friendly URL documentation concerning security and ugly URLs
Date Sun, 22 Jan 2006 22:28:46 GMT
    [ http://issues.apache.org/jira/browse/TAPESTRY-843?page=comments#action_12363591 ] 

Derick Fernando commented on TAPESTRY-843:

Can't this be done simply removing the "/app" or similar servlet mapping in web.xml and making
sure that your servlet container is not mapping servlets to "servlet/*" for that context.

> Friendly URL documentation concerning security and ugly URLs
> ------------------------------------------------------------
>          Key: TAPESTRY-843
>          URL: http://issues.apache.org/jira/browse/TAPESTRY-843
>      Project: Tapestry
>         Type: Bug
>   Components: Documentation
>     Versions: 4.0
>  Environment: All
>     Reporter: Brian K. Wallace
>  Attachments: Patch for Friendly URL security concern.patch
> The friendly URL documentation implies that enabling of friendly URLs is a way to enable
security for Tapestry generated URLs. While this part of the documentation is correct, it
implies that the 'ugly' URLs are no longer accessible - thereby enabling security for Tapestry
sites. This is not correct and should be documented (at the very least).
> Ideally, there should be a method in the framework itself that would disable access to
the original URLs if the friently URL contribution is made.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org

View raw message