> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > Subject: Re: Tomcat Security > > Since each image could have different authorization settings, > you can't just use the servlet container's built-in authorization > (set up in web.xml). You will have to enforce this yourself.
Not sure that's necessarily true. If the URI used to request the image used paths segregated by accessibility, I think most of the access checks could be handled by the appropriate declarative security constraints. > If so, I think your original question was poorly worded. I > think we all thought you were asking how to prevent downloading > of images in general That was certainly my interpretation. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]