Hi all, on Tomcat 6 the asset protection is still broken. While/assets/de/ is protected /assets/de is still shown an index of all files. This should be tested under various app server, behind mod_proxy and mod_jk
As explained in the other thread, I favour an approach which doesn't need a complex checking of Regex to deliver resource files. Packing them into a dedicated subfolder of a jar, is simpler, more secure and faster. The old behaviour could be reestabblished by a configuration setting.
-- Best Regards / Viele Grüße Sebastian Hennebrueder ----- http://www.laliluna.de Laliluna.de, Berliner Strasse 22, 61118 Bad Vilbel, Germany * Java Software Development, Support * Training for Hibernate and Java Persistence * Tutorials for JSP, JavaServer Faces, Struts, Hibernate and EJB
smime.p7s
Description: S/MIME Cryptographic Signature
