> I understand the security benefits for a JSP page, but are > there any for CSS pages, JS files, or images? What does it > help with statistics?
Some people/sites restricts access to some images (and other things), as they could contain some information worth protection. As for statistics: You may wanna know, how many of the requested pages are really displayed (by counting not only requests to pages, but requests to images hidden on those pages and loaded via javascript), to detect if you have been crawled or something. Example: You have a porno-site, financed by ads. You want to make sure, people really see ads, and not just downloading your pix via script. A better example: You have a medical site with prepared cardiology images from patients. You want to make sure, that only a logged-in doctor is able to view those images (there are other solutions to do this too, but it serves an example). Another example: You want provide a better caching strategy for static webpage contents. You deliver them with your own action (actually action is the slowest option to stream things out, servlet or jsp (under resin) is better) and set proper headers. But in most cases images, scripts and stylesheets are served well by webservers, so there is no need to put them under WEB-INF until there is no explicit need. As for putting jsps under WEB-INF, it's a matter of taste, in a struts application, a jsp even if it can be accessed by the browser, wouldn't deliver anything senseful, since it would miss attributes set by the action. Regards Leon > > > On Wed, 23 Feb 2005 22:44:37 +0100, Leon Rosenberg > <[EMAIL PROTECTED]> wrote: > > > What would be the benefits to doing this? (just curious) > > > > Control access to items for security and statistics for example > > > > > -- > Jeff Beal > Webmedx, Inc. > Pittsburgh, PA USA > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]