If you can access ANYTHING in WEB-INF, you have a defective application
server. See if you can access your .class files that way, or your web.xml
file.
----- Original Message -----
From: "Matt Raible" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 26, 2001 12:22 PM
Subject: Place all Java ServerPages below WEB-INF
> In Ted Husted's Catalog at http://husted.com/about/struts/catalog.htm, he
> states the following:
>
> Place all Java ServerPages below WEB-INF
> The container provides security for all files below WEB-INF. This applies
to
> client requests, but not forwards from the ActionServlet. Placing all JSPs
> below WEB-INF ensure that they are only accessed through Actions, and not
> directly by the client or each other. This allows security to be moved up
into
> the Controller, where it can be handled more efficiently, and out of the
base
> presentation layer.
>
> I have done this and put all my pages at WEB-INF/pages. However, I can
still
> get to them by typing
http://localhost/NASApp/myApp/WEB-INF/pages/pageName.jsp
> - so I don't see how "security is provided." Maybe it's an iPlanet thing,
but
> here is my directory structure:
>
> APPS
> - app
> - wardir
> - WEB-INF
> - pages
> - eardir
>
> Thanks,
>
> Matt
>
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
>
>
