>>>>> "Rajesh" == Rajesh Nair <[EMAIL PROTECTED]> writes:
Rajesh> Isn't it possible to put the pages under a directory with a restricted
Rajesh> Access Control?? Or
Rajesh> am I missing something. My impression was that by setting the directory
Rajesh> permissions
Rajesh> using your web server's ACL, static pages can be protected from requests??
Rajesh> Then the servlet
Rajesh> would be able to serve the pages from the directory somehow??
Yes, you can do that, but that means your security (the ACL) has to be
integrated into the web server. I saw this situation where login
validation was done in a CORBA server, which made the decision on
whether to allow redirecting to the download page. The CORBA server
is also used to dynamically add or delete allowed user records.
Having to install that information into the web server each time it
changes would be difficult. I'm not even sure whether that's possible
to do under program control (please educate me if that's not the case).
--
===============================================================================
David M. Karr ; [EMAIL PROTECTED] ; w:(425)487-8312 ; TCSI & Best Consulting
Software Engineer ; Unix/Java/C++/X ; BrainBench CJP (4/20/1999)
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
