Announcement Announcement Module
No announcement yet.
Protect configuration and property files without embedding Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Protect configuration and property files without embedding


    I was wondering if there is a way to protect Spring AS configuration files like the application-context.xml and .properties files from being accessible via the web browser? I'd prefer not to allow a knowledgeable person to be able to download my application-context or .properties files sitting in the same directory as the SWF.

    I'm used to programming with Spring in Java where I can put those files in the protected /web-inf/ directory.

    Embedding or accessing the files on a remote server seem to be the only solutions I could come up with. I'm wondering if there is a better way?

    Last edited by bob67; Jun 28th, 2011, 06:03 PM.

  • #2
    Hey there,

    interesting point. If the application requries you to log in I think what you could do is serve the XML file through a remote call to a JSP page or whatever else. That way you could check if the user is logged before returning the XML file.
    In any other case it would become more difficult, since a webserver can't really be configured to only serve a page if its being requested by a SWF file...
    In another case you could retrieve the XML thorugh a remoteobject call, that way it'll be a little more difficult for an outsider to get to the XML.

    hope that helps a little...