If someone wanted to secure their server, meaning not having documentation or examples or anything but *their* application, what is the minimum to have a running server? Are the "WEB-INF" and the "lps" folders enough? Can the "WEB-INF/classes/examples" folder be removed? Is the "tools" folder needed?

I'm using the new 2.2 version, if that makes a difference.

Thanks in advance,

Kevin

This answer describes what to do for LPS 2.2.

You can safely remove everything under the webapp except the WEB-INF directory and the lps directory.

1) Keep only:
lps-2.2/WEB-INF
lps-2.2/lps

2) You *should* also remove

lps-2.2/lps/utils

as it includes the source code viewer jsp and other unneeded utilities.


------

Depending on your deployment you can remove other pieces of lps-2.2/lps as well including

admin -
the administrative console
(recommended you leave)

components, fonts, assets, includes -
depends on whether your application
uses these laszlo provided resources
In general, recommended you leave
them all since it's not well documented
how to determine what you're using.



See the deployer's guide chapter of the developer's guide for other details on locking down the LPS wrt to config settings. I think Laszlo provided a WEB-INF/lps/config-deploy directory that is an example of what a deployment would look like. Simply move WEB-INF/lps/config out of the way and move WEB-INF/lps/config-deploy to WEB-INF/lps/config.

-Eric

Great! Thanks for the info, Eric. There's quite a bit of buzz over Laszlo, and it's so nice to get detailed answers so quickly. :D