I'm unclear as to what you are talking about as far as validating the path and hiding the directory. Are you trying to keep people from getting access to the files in WebServerResources without the request going through the WO application?
The problem: http://somesite/MyApp/WebObjects/MyApp.woa/wr/wodata=/etc/passwd (and perhaps with the default implementation) http://somesite/MyApp/WebObjects/MyApp.woa/wr/wodata=http://www.trojanhorses.devil/ for instance ;-) Oliver Am 28.05.2008 um 20:34 schrieb David Avendasora:
I deploy to Windows as a WAR and I have a WebServerResources directory at the root of the WAR, at the same level as WEB-INF and META-INF.To get the image and .css, .js, etc files put in there when I build I have the following in the SSDD target of my Ant build.xml file:<mkdir dir="${dest.dir}/${project.name}/WebServerResources" /> <copy todir="${dest.dir}/${project.name}/WebServerResources"> <fileset dir="WebServerResources"> <include name="**" /> </fileset> </copy>I really can't remember if that is something I added or if it was already in the build.xml file by default.This allows me to copy one WAR file to the server and when Tomcat starts up, it expands the WAR to a SSDD and the images, css, etc are all where they need to be for the app. No additional steps.I'm unclear as to what you are talking about as far as validating the path and hiding the directory. Are you trying to keep people from getting access to the files in WebServerResources without the request going through the WO application?Dave On May 28, 2008, at 2:05 PM, Oliver Scheel wrote:To serve images and CSS files through tomcat, you can put your images and files in the ROOT webapp under the WEBAPPS directory, I place my images in a directory named images. If you are using the JK connector you put them on your webserver in the root directory and images directory .one of the difficulties in the current project is, that I can only upload/provide a WAR ;-) I don't have any direct access to anything else and also want to keep the installation procedure as much simple as possible.My idea would be to validate the wodata path against something like WEBINFOROOT/MyApp.woa/Contents/WebServerResources (or better but less secure to catch all frameworks) - path must contain "WebServerResources"...Much better would be to additionally encrypt the string to hide the physical directory completely.Oliver _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/webobjects%40avendasora.com This email sent to [EMAIL PROTECTED]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
