Protecting the directory content - Websphere

This is a discussion on Protecting the directory content - Websphere ; Hi there, We're still using WAS5 and I wonder how I can protect the content of the directories (the JSPs are in the root directories and not under WEB-INF) by using the WebSphere Configuration/Admin features rather than by the code. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Protecting the directory content

  1. Protecting the directory content

    Hi there,

    We're still using WAS5 and I wonder how I can protect the content of the directories (the JSPs are in the root directories and not under WEB-INF) by using the WebSphere Configuration/Admin features rather than by the code.

    Any help would be appreciated.
    Naqsh

  2. Re: Protecting the directory content

    rnaqshbe@csc.com wrote:
    > Hi there,
    >
    > We're still using WAS5 and I wonder how I can protect the content of the directories (the JSPs are in the root directories and not under WEB-INF) by using the WebSphere Configuration/Admin features rather than by the code.
    >
    > Any help would be appreciated.
    > Naqsh


    Protect them from what?

    If your users are hitting a JSP URL and they're getting the source, turn
    off file-serving.

    Ken

  3. Re: Protecting the directory content

    If you have partial jsp files (jsp fragments), you can manually create a
    "jspf" folder under WEB-INF and move the jsp fragment files there.

    Of course, you will have to fix all references to those files in your
    application, as well. That will give you the functionality of "secure"
    jsp fragments that current web/application servers have.

    --Jason


    rnaqshbe@csc.com wrote:
    > Hi there,
    >
    > We're still using WAS5 and I wonder how I can protect the content of the directories (the JSPs are in the root directories and not under WEB-INF) by using the WebSphere Configuration/Admin features rather than by the code.
    >
    > Any help would be appreciated.
    > Naqsh


+ Reply to Thread