Safety of images under the WEB-INF?

2004-06-17 Thread James Sherwood
Hello,
I am doing a project where I don't want people to be able to link
directly to certain images/files unless they are logged in through my
security framework.

The question is, if I put an images directory under the WEB-INF and
serve the images up through a service, how safe are these images? Can they
be retrieved without going through my service (which I can check if they have
access or not) and if so, how?

Thank you,
James






RE: Safety of images under the WEB-INF?

2004-06-17 Thread Shapira, Yoav

Hi,
No, they can't be viewed directly: the servlet container is prohibited
from serving content under WEB-INF directories by the Servlet
Specification.  This is strictly implemented by all servlet containers I
know of, and is easy to test in your installation by trying to access
the image under WEB-INF.

Yoav Shapira
Millennium Research Informatics





Re: Safety of images under the WEB-INF?

2004-06-17 Thread Elijah Epifanov
However, if you run Tomcat behind Apache, you should ensure that
none of your WEB-INF folders will be served by Apache.
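
The access-checked image service asked about at the top of the thread, as an added example that is not part of the original messages: a servlet that streams files from /WEB-INF/images only for logged-in sessions. The class name, URL mapping, session attribute name and image directory are assumptions; it uses the javax.servlet API (jakarta.servlet on Tomcat 10 and later).

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Map this servlet to /protected-images/* in web.xml (the mapping is an assumption).
public class ProtectedImageServlet extends HttpServlet {
    // Hypothetical session attribute set by the application's own login code.
    private static final String USER_ATTR = "authenticatedUser";
    private static final String IMAGE_ROOT = "/WEB-INF/images/";
    // Plain file names only: no slashes, no "..", one extension from a fixed set.
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9_-]{1,64}\\.(png|jpg|jpeg|gif)");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false); // never create a session here
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String path = req.getPathInfo(); // e.g. "/logo.png"
        String name = (path == null || path.isEmpty()) ? "" : path.substring(1);
        if (!SAFE_NAME.matcher(name).matches()) {
            // Rejects "../web.xml", nested paths and anything outside the image set.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try (InputStream in = getServletContext().getResourceAsStream(IMAGE_ROOT + name)) {
            if (in == null) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            resp.setContentType(getServletContext().getMimeType(name));
            // Keep shared caches from storing images that required a login.
            resp.setHeader("Cache-Control", "private, no-store");
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) {
                resp.getOutputStream().write(buf, 0, n);
            }
        }
    }
}
```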

