Just a thought or two --
1) Setup a request filter that detects when the URL contains the pattern CVS/ and redirects to a default or error page.
-or-
2) Setup a servlet mapping for any of the potential CVS URLs and have them map to a servlet that responds with an error or redirect.
--David
Mario Winterer wrote:
Thanks for your and Nix' advice - I know that what I do is not the clean and nice approach. If I were you, I'd challenge my solution too!
But: In fact - we do have local CVS sandboxes on the development PCs - and we do have a separate development webserver for testing. And we do use this system when we are developing, testing and bugfixing our web application.
But while we are developing, several people need to maintain static resources. Not a big thing, just updating a handful of HTML pages. To make things easier this changes are done directly on the "real" webserver (please do not challenge that - this approach is OK for us).
By using CVS on the "real" webserver, we kill two birds with one stone:
1) The static content is versioned
2) By using branches, we can easily merge the content of the "real" server (the HEAD-branch) and the development version (the development-branch) from time to time.
All that without a big deployment process (that makes it difficult for the handful of people that just want to do some minor updates of their web pages).
So our CVS solution is the best one for our needs - I think.
But back to my question: Is there a (good and secure) way to protect my CVS resources?
Best regards, Tex
How about doing your development in a different area, and do your your deployment via export?
You could also frontend your Tomcat wtih Apache and deny access with Apache.
Just a couple of random thoughts . . . /mde/
__________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
