On 07/08/2012 11:45, Hussein Shafie wrote: > If the ``public'' directory containing xxe.jnlp and all the signed > jars has no index option and if the filenames of xxe.jnlp and all the > signed jar files are mangled (e.g. xxe56x7az45.jnlp, xxe56x7az45.jar), > I wonder how someone which is not one of your customers (that is, who > has no access to the HTML page embedding the applet and hence, > pointing to xxe56x7az45.jnlp) could obtain a copy of xxe jars.
Hmm indeed, we could even serve those files from a random directory name that changes periodically... Thansk for the hint! Camille. -- XMLmind XML Editor Support List [email protected] http://www.xmlmind.com/mailman/listinfo/xmleditor-support
