tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Gregory" <Rob.Greg...@ibsolutions.com>
Subject RE: Protecting static resources in IIS
Date Tue, 02 Nov 2010 16:38:44 GMT
Are you trying to implement some form of Capatcha to stop automated
attacks against a logon screen or something similar? If so there is a
nice opensource one @ http://jcaptcha.sourceforge.net/ and an
alternative from Google http://www.captcha.net/  which support audio
(but requires an internet connection and an account). I implemented both
so that when the required credentials are available it uses the google
one and degrades to the JCaptcha one which works very nice.

Otherwise it sounds like you need a security filter within tomcat and
let Tomcat serve up these images. Tomcat in my opinion is just as good
at serving static content as Apache or IIS is.

Regards
Rob

> -----Original Message-----
> From: Siva prakash I V [mailto:sivaprakash.iv@gmail.com]
> Sent: 02 November 2010 15:48
> To: Tomcat Users List
> Subject: Re: Protecting static resources in IIS
> 
> Hi Rob,
> 
> My app contains a sequence of images like for eg. A/11.gif, A/12.gif,
....
> A/19.gif, B/21.gif... etc.
> These images are used to identify a valid user of my app.
> As these images are easily guessable, it may be easy for anyone to
download
> all possible images and may lead to phishing attack.
> Having said that I can't place my images in Tomcat and get it served
by a
> servlet( a performance penalty ) and neither I can change my image
names to
> ones which are not easily guessable.
> My tomcat app jsps should continue using the existing images.
> 
> 
> 
> On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory
> <Rob.Gregory@ibsolutions.com>wrote:
> 
> > Hi Siva,
> >
> > The only way I know of protecting an 'actual' request for a specific
> > resource is to remove the resource from the web server. I Can't see
why
> > you would want to stop access to something when it is actually
requested
> > otherwise what would be the point of deploying it (if nothing can
access
> > it). Sorry if I misunderstand the question.
> >
> >
> > > -----Original Message-----
> > > From: Siva prakash I V [mailto:sivaprakash.iv@gmail.com]
> > > Sent: 02 November 2010 14:44
> > > To: Tomcat Users List
> > > Subject: Re: Protecting static resources in IIS
> > >
> > > Firstly, Thanks for the info.
> > >
> > > I've done what you've said.
> > >
> > > Consider my directory structure as below in IIS.
> > >
> > > <IISROOT>/images/TestDir/A.gif
> > > <IISROOT>/images/TestDir/index.html  (newly introduced one)
> > >
> > > If  I hit the following url, it shows the index.html
> > > https://<hostname>/images/TestDir/
> > <https://%3chostname%3e/images/TestDir/>
> > >
> > > but if I hit the following url, it shows the image A.gif which
needs
> > to be
> > > restricted its access.
> > >
> > >
> >
https://<hostname>/images/TestDir/A.gif<https://%3chostname%3e/images/Te
> > stDir/
> >  > A.gif>
> > >
> > > Please let me know if this can be resolved.
> > >
> > >
> > > Thanks,
> > > Siva Prakash
> > >
> > >
> > > On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory
> > > <Rob.Gregory@ibsolutions.com>wrote:
> > >
> > > > While this is not a forum nor is the mailing list about IIS a
quick
> > > > suggestion and one we implement is to place a blank (or custom)
> > > > index.html file into every directory within the site. This will
then
> > be
> > > > served up when requests for resources are received.
> > > >
> > > > Hope that helps
> > > > Rob
> > > >
> > > > > -----Original Message-----
> > > > > From: Siva prakash I V [mailto:sivaprakash.iv@gmail.com]
> > > > > Sent: 02 November 2010 14:08
> > > > > To: users@tomcat.apache.org
> > > > > Subject: Protecting static resources in IIS
> > > > >
> > > > > Hi,
> > > > >
> > > > > Though I know that this forum is not for IIS related
questions, It
> > > > will be
> > > > > great if someone can help me out with the following problem.
> > > > >
> > > > > I need to protect the end user's access (thru a url) to the
static
> > > > resources
> > > > > like images directory in IIS but still allowing my app jsps in
> > Tomcat
> > > > ROOT.
> > > > >
> > > > >
> > > > > Thanks,
> > > > > Siva Prakash
> > > >
> > > >
> >
---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > > For additional commands, e-mail: users-help@tomcat.apache.org
> > > >
> > > >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message