J2EE security question

[Lian Liming]

Hi all,

New to J2EE, forgive me if this is a silly question. I wonder what
security problems will be caused if exposing the class's path on web
server to the client side. For example, use "com.exmaple.test" in the
form's action url.

Thanks in advance!

 

[zero]

Hi all,

New to J2EE, forgive me if this is a silly question. I wonder what
security problems will be caused if exposing the class's path on web
server to the client side. For example, use "com.exmaple.test" in the
form's action url.

Thanks in advance!

I don't know much about security or hacking, but it seems to me like you
want potential hackers to know as little as possible about your system.
Most platforms represent the path to class files as directory structures,
so if you expose the class path, the hacker will know those directories
exist. Although this may not be critical information, the less potential
hackers know about your system, the better.

 

[Chris Smith]

New to J2EE, forgive me if this is a silly question. I wonder what
security problems will be caused if exposing the class's path on web
server to the client side. For example, use "com.exmaple.test" in the
form's action url.

Are you worried about the classpath, or the package? There is certainly
no risk at all to the class's package name ("com.example.test"). You
may as well avoid exposing the classpath (approximately equivalent to
"C:\theapp\WEB_INF\classes", although the idea of classpath doesn't
apply cleanly to J2EE), although I don't see any large risk there.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation