
J2EE security question

Lian Liming - 06 Jan 2006 09:35 GMT
Hi all,

    New to J2EE, forgive me if this is a silly question. I wonder what
security problems will be caused by exposing the class's path on the web
server to the client side. For example, using "com.example.test" in the
form's action URL.

   Thanks in advance!
zero - 07 Jan 2006 12:06 GMT
"Lian Liming" <lianliming@gmail.com> wrote in news:1136540159.113501.181420@z14g2000cwz.googlegroups.com:

> Hi all,
>
[quoted text clipped - 4 lines]
>
>     Thanks in advance!

I don't know much about security or hacking, but it seems to me like you
want potential hackers to know as little as possible about your system.  
Most platforms represent the path to class files as directory structures,
so if you expose the class path, the hacker will know those directories
exist.  Although this may not be critical information, the less potential
hackers know about your system, the better.

Signature

Beware the False Authority Syndrome

Chris Smith - 07 Jan 2006 17:16 GMT
> New to J2EE, forgive me if this is a silly question. I wonder what
> security problems will be caused by exposing the class's path on the web
> server to the client side. For example, using "com.example.test" in the
> form's action URL.

Are you worried about the classpath, or the package?  There is certainly
no risk at all to the class's package name ("com.example.test").  You
may as well avoid exposing the classpath (approximately equivalent to
"C:\theapp\WEB_INF\classes", although the idea of classpath doesn't
apply cleanly to J2EE), although I don't see any large risk there.

Signature

www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation


