Perhaps I should have asked this in the Beginner's forum but it is a security related question.
How important is it to secure the JBoss/Tomcat Status page? e.g. domain.com/status If an application handles secret URLs with a unique key rather than relying on a login e.g. domain.com/show.do?key=0123456789ABCDEF and that web page renders content which is a secret hosted file: domain.com/files/0123456789ABCDEF.ext Users then exchange the links to a recipient with the private URL. The files are fetched with a HTTP GET request. What are the implications of having the status page publicly available. Would there be a slight security risk of someone seeing the GET requests on this page and accessing the content? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166326#4166326 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4166326 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
