tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mikolaj Rydzewski <>
Subject Re: Protecting static resources in IIS
Date Tue, 02 Nov 2010 15:54:51 GMT

 On Tue, 2 Nov 2010 21:18:02 +0530, Siva prakash I V 
 <> wrote:

> My app contains a sequence of images like for eg. A/11.gif, A/12.gif, 
> ....
> A/19.gif, B/21.gif... etc.
> These images are used to identify a valid user of my app.
> As these images are easily guessable, it may be easy for anyone to 
> download
> all possible images and may lead to phishing attack.
> Having said that I can't place my images in Tomcat and get it served 
> by a
> servlet( a performance penalty ) and neither I can change my image 
> names to
> ones which are not easily guessable.
> My tomcat app jsps should continue using the existing images.

 Smells like security by obscurity...

 Hint: how do you want your legitimate clients to access those images if 
 they are well protected?

 Mikolaj Rydzewski <>

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message