Maurice Yarrow wrote: > The short answer is: if URL's are filtered first, then the actual location > DefaultServlet will need to use is not visible in any of the html. > Only for the authenticated serves will getPathInfo() be appropriately > adjusted and then passed to DefaultServlet.
Huh? > Silly question for Maurice: why are you trying to protect your images? > Do you want to stop people from ripping them off from your site? > > It's not my call, but the customer's. You still didn't answer the question: what is the goal, here? Do you want to "prevent" linking to your images from other pages? Prevent people requesting the images directly? How about "nobody gets an image unless they are authenticated?" -chris
signature.asc
Description: OpenPGP digital signature