I just tried this on the tap 5 tutorial. Requesting the asset service
via /assests (http://localhost:8080/tapestry-tutorial1/assets/)
basically gives you a classpath listing, much like directory index. I
see log4j.properties and org. I can download the log4j - scary - and can
navigate through the classpath as if it where a filesystem. When I tried
to download class bytes for the Start page class
(http://localhost:8080/tapestry-tutorial1/assets/org/apache/tapestry/tutorial/pages/Start.class),
I get 403 and a message about the digest in the request not matching.
So somewhere in there is some sanity, but why does this not apply to
log4/hibernate/etc configurations (maybe b/c they are text??), and why
does the service allow me to effectively browse the classpath?
Anyway, those are my pokings and findings. It seems like this may be
something left in for debugging but should certainly be fixed.
chris
Thiago H de Paula Figueiredo wrote:
On Thu, 26 Jul 2007 23:20:50 -0300, Robert Zeigler
<[EMAIL PROTECTED]> wrote:
Asset service doesn't really need a configuration point here, imo.
You can already make contributions to services that would allow you
to implement this sort of content filtering.
I agree up to a point. It's a concern that almost all projects have,
so the framework could (and should) provide an easy way to solve, be
it some configuration point in AssetService or another dispatcher
provided by Tapestry.
Thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
