[
https://issues.apache.org/jira/browse/JSPWIKI-43?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Jaquith closed JSPWIKI-43.
---------------------------------
Resolution: Duplicate
See the other bug for more discussion...
> Template files should be placed under WEB-INF
> ---------------------------------------------
>
> Key: JSPWIKI-43
> URL: https://issues.apache.org/jira/browse/JSPWIKI-43
> Project: JSPWiki
> Issue Type: Improvement
> Components: Authentication&Authorization, Default template
> Reporter: Janne Jalkanen
> Priority: Minor
> Fix For: 3.0
>
>
> template JSPs and other JSPs not intended for direct access should be placed
> under WEB-INF. This accomplishes two things
> a) it stops annoying bots from accessing these pages directly (causing
> WikiContext may not be NULL messages in the logs)
> b) it gives less vectors to potential harmful attacks.
> However, this change is probably best done in 3.0 timeframe together with the
> move to Stripes. Many things might break.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
