For JSP files, it's easy: instead of the source, they will get the processed page. If you do not want your JSP to be called directly, place it in WEB-INF or establish a restriction in web.xml (can't remember at the moment how this is done, but it is not complicated).
For HTML, if they can't be retrieved, how will your web be visible?!
Jars and Class files for your webapp: WEB-INF
Jars and Class files for your applets: publicly available.
Now, if you want to prevent directory listing (security by obscurity), you can: see the DefaultServlet in conf/web.xml.
But that will only hide those files not linked / used in your HTML (linked / used) files, with a root starting at "/", whatever that means, or at any URL published by anyone.
But if you speak a bit of HTML and web technologies, you know that in order to use an applet, the client is required to download the class/jar files that compose the applet. So, it will be able to do whatever he likes with it. If you do not like that, CHANGE your technology... Or hire a private detective and sue any client that decompiles your classes ;-) Still one more option: make your classes (sources and binaries) available under the GPL. That way, you'll have no more worries.
OTOH, if using a modified applet could fool your server, or be somehow bad for you, you have a bad server-side design. Double-check that.
Hope that helps,
Antonio Fiol
Lars Nielsen Lind wrote:
If I place the applet as a *.jar file in the 'public' area of a web folder - is it possible to prevent any programs from scanning the Apache/Tomcat server for extraction of the files (html, jsp, class, jar)?
I want to prevent access by programs to the source files - like /WEB-INF is protected - but in a way so that the applets can be used from the web server?
/Lars Nielsen Lind
----- Original Message ----- From: "SH Solutions" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Sunday, March 28, 2004 7:02 PM
Subject: RE: Tomcat and JApplet / Applet
Howdy,web
But then it is possible for third part to download and read the code inthe applet? or?
How do I protect my applets?No. You need to make your class files accessible only. You do not need
tomcat for this. You can use tomcat as well as apache, iis or any other
server.
You do not need to place your source files anywhere on the server.
In fact, it is possible to decompile the class files, so you get very much of the original source code. Howevery, you cannot prevent this. This is always the case for any applet.
Regards, Steffen
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
