Jackson Ching wrote:
> Craig McClanahan,
>
> >
> >Being able to decompile a class file presumes that you can read the bytecodes of
>the class file, right?
> >
> Assumming the hacker was able to get the class file and wish to decompile.
>
> >The recommended placement for class files in a web application is the
>WEB-INF/classes or WEB-INF/lib directory in a web application based on the servlet
>2.2 or later specification. There is an additional
> >requirement in this spec -- the servlet container is not allowed to serve any file
>under WEB-INF in response to a client request. Therefore, your putative hacker
>cannot get ahold of the bytecodes of your
> >servlets (unless you happen to store them someplace else in your document root,
>which would be a "bad thing"), and they can therefore not decompile your classes.
>
> On what platform and what web-server does WEB-INF located? where do i get
>more information on this? Thanks
>
The "WEB-INF" directory structure is a feature of the Servlet API Specification,
version 2.2. Among other things, a standard deployment format for web applications is
defined in this spec, which includes the
features described above. To download the spec, go to
<http://java.sun.com/products/servlet/download.html>.
>
> Jack
>
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
