[CONF] Apache Tapestry Security FAQ
Bob Harner removed a comment from the page: Security FAQ Added security label Stop watching space Manage Notifications This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software
[CONF] Apache Tapestry Security FAQ
Bob Harner edited the page: Security FAQ Comment: Added Related Articles box Wiki Markup {scrollbar} Security FAQ Wiki Markup {float:right|background="" {contentbylabel:title=Related Articles|showLabels=false|showSpace=false|space=@self|labels=security} {float} The built-in PageCatalog and ServiceStatus pages are visible in my production application and I don't want them to be, what can I do? ... Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist. This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id LocalhostOnly, which one of your modules can override: Code Block @Contribute(ClientWhitelist.class) public static void turnOffLocalhostInProduction(OrderedConfigurationWhitelistAnalyzer configuration, @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) { if (productionMode) { configuration.override(LocalhostOnly, null); } } ... View Online Like View Changes
[CONF] Apache Tapestry Security FAQ
Bob Harner added a comment to the page: Security FAQ Added security label View Online Like Stop watching space Manage Notifications This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software
[CONF] Apache Tapestry Security FAQ
Security FAQ Page added by Howard M. Lewis Ship Frequently Asked Questions Security FAQ The built-in PageCatalog and ServiceStatus pages are visible in my production application and I don't want them to be, what can I do? First off all, don't panic: these pages are marked with the @WhitelistAccessOnly annotation, which makes them invisible to clients that are not on the whitelist. Try accessing the page from a different workstation and you may find that the pages are not visible after all. Sometimes, in production, a firewall or proxy may make it look like the client web browser originates from localhost; in that situation, you may want to disable the logic that puts localhost onto the whitelist. This determination is made by the contributions to the ClientWhitelist service. Tapestry makes a contribution with id "LocalhostOnly", which one of your modules can override: @Contribute(ClientWhitelist.class) public static void turnOffLocalhostInProduction(OrderedConfigurationWhitelistAnalyzer configuration, @Symbol(SymbolConstants.PRODUCTION_MODE) boolean productionMode) { if (productionMode) { configuration.override("LocalhostOnly", null); } } Frequently Asked Questions Change Notification Preferences View Online