tapestry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Derick Fernando (JIRA)" <tapestry-...@jakarta.apache.org>
Subject [jira] Commented: (TAPESTRY-843) Friendly URL documentation concerning security and ugly URLs
Date Sun, 22 Jan 2006 22:28:46 GMT
    [ http://issues.apache.org/jira/browse/TAPESTRY-843?page=comments#action_12363591 ] 

Derick Fernando commented on TAPESTRY-843:
------------------------------------------

Can't this be done simply removing the "/app" or similar servlet mapping in web.xml and making
sure that your servlet container is not mapping servlets to "servlet/*" for that context.

> Friendly URL documentation concerning security and ugly URLs
> ------------------------------------------------------------
>
>          Key: TAPESTRY-843
>          URL: http://issues.apache.org/jira/browse/TAPESTRY-843
>      Project: Tapestry
>         Type: Bug
>   Components: Documentation
>     Versions: 4.0
>  Environment: All
>     Reporter: Brian K. Wallace
>  Attachments: Patch for Friendly URL security concern.patch
>
> The friendly URL documentation implies that enabling of friendly URLs is a way to enable
security for Tapestry generated URLs. While this part of the documentation is correct, it
implies that the 'ugly' URLs are no longer accessible - thereby enabling security for Tapestry
sites. This is not correct and should be documented (at the very least).
> Ideally, there should be a method in the framework itself that would disable access to
the original URLs if the friently URL contribution is made.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-dev-help@jakarta.apache.org


Mime
View raw message