Ron Bolin wrote:

> RE: JSDK 2.0 or 2.1
>
> I have spent some time looking at ways to hide the
> http://<hostname>/servlet/???
>                    ^ servlet
>
> servlet name from the URL. I know that the internal servletrunner
> requires this mapping. In the interest of security (hackers know
> that this is a servlet) how can one go about completely hiding
> the word servlet in the URL?
>
> One method might be a remapping of the URL inside the web server; another
> might be overloading the class that requires the "servlet" prefix, but I don't
> have access to the servlet runner source to overload the method :-( Property
> files allow you to alias the classname, but still do not allow you to
> hide the "servlet" name in the URL.
>
> I know that you can partially hide it using frames or HTML
> pages to drive it, but this does not prevent someone who really cares
> from seeing that a servlet was used since they can see the "servlet"
> path in the URL.
>
> Any comments would be appreciated.
>
> Ron Bolin
>

How to do this depends on the servlet engine you are using, but most servlet
engines that support the 2.1 or later API give you the capability to map a
particular servlet to any path prefix you like, or map it to a filename
extension.  For the 2.2 or later API, this ability is required, so you will see
it more and more.  In fact, you can turn off the usual ability to use the
"/servlet" prefix if you want to.

If you want to play mind games with someone, and you have a web-based app based
on a single servlet architecture, you can map the servlet to "*.asp" and watch
people make blatantly incorrect assumptions :-).  For that matter, how do YOU
know that a request URI like "image.gif" is served from a static file?  Only your
web server knows for sure ...

Craig McClanahan

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
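
An added example, not part of the original message or of any project's own configuration: a Servlet 2.2 deployment descriptor (`web.xml`) that maps a single servlet to a path prefix and to a filename extension, as the reply describes. The servlet name `frontController`, the class `com.example.FrontController` and the `/app/*` prefix are hypothetical; disabling the default "/servlet" prefix is engine-specific and is not shown.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

  <!-- Declare the servlet once under a logical name.
       Name and class are hypothetical placeholders. -->
  <servlet>
    <servlet-name>frontController</servlet-name>
    <servlet-class>com.example.FrontController</servlet-class>
  </servlet>

  <!-- Path-prefix mapping: any request under /app/ is routed to the
       servlet, so the URL never contains "/servlet/". -->
  <servlet-mapping>
    <servlet-name>frontController</servlet-name>
    <url-pattern>/app/*</url-pattern>
  </servlet-mapping>

  <!-- Extension mapping: any request URI ending in .asp is routed to
       the same servlet, the case mentioned in the reply. -->
  <servlet-mapping>
    <servlet-name>frontController</servlet-name>
    <url-pattern>*.asp</url-pattern>
  </servlet-mapping>

</web-app>
```

A URL pattern changes only the request path; response headers, session cookie names and default error pages can still identify the container unless they are configured separately.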
