Jun 28th, 2011, 05:54 PM
Protect configuration and property files without embedding
I was wondering if there is a way to protect Spring AS configuration files like the application-context.xml and .properties files from being accessible via the web browser? I'd prefer not to allow a knowledgeable person to be able to download my application-context or .properties files sitting in the same directory as the SWF.
I'm used to programming with Spring in Java where I can put those files in the protected /web-inf/ directory.
Embedding or accessing the files on a remote server seem to be the only solutions I could come up with. I'm wondering if there is a better way?
Last edited by bob67; Jun 28th, 2011 at 06:03 PM.
Jun 29th, 2011, 02:54 AM
interesting point. If the application requries you to log in I think what you could do is serve the XML file through a remote call to a JSP page or whatever else. That way you could check if the user is logged before returning the XML file.
In any other case it would become more difficult, since a webserver can't really be configured to only serve a page if its being requested by a SWF file...
In another case you could retrieve the XML thorugh a remoteobject call, that way it'll be a little more difficult for an outsider to get to the XML.
hope that helps a little...