tomcat-users mailing list archives

From Siva prakash I V <sivaprakash...@gmail.com>
Subject Re: Protecting static resources in IIS
Date Tue, 02 Nov 2010 15:48:02 GMT
Hi Rob,

My app contains a sequence of images, e.g. A/11.gif, A/12.gif, ....
A/19.gif, B/21.gif... etc.
These images are used to identify a valid user of my app.
As these images are easily guessable, it may be easy for anyone to download
all possible images, and this may lead to a phishing attack.
Having said that, I can't place my images in Tomcat and get them served by a
servlet (a performance penalty), and neither can I change my image names to
ones which are not easily guessable.
My Tomcat app JSPs should continue using the existing images.



On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory <Rob.Gregory@ibsolutions.com> wrote:

> Hi Siva,
>
> The only way I know of protecting an 'actual' request for a specific
> resource is to remove the resource from the web server. I can't see why
> you would want to stop access to something when it is actually requested
> otherwise what would be the point of deploying it (if nothing can access
> it). Sorry if I misunderstand the question.
>
>
> > -----Original Message-----
> > From: Siva prakash I V [mailto:sivaprakash.iv@gmail.com]
> > Sent: 02 November 2010 14:44
> > To: Tomcat Users List
> > Subject: Re: Protecting static resources in IIS
> >
> > Firstly, Thanks for the info.
> >
> > I've done what you've said.
> >
> > Consider my directory structure as below in IIS.
> >
> > <IISROOT>/images/TestDir/A.gif
> > <IISROOT>/images/TestDir/index.html  (newly introduced one)
> >
> > If I hit the following URL, it shows the index.html
> > https://<hostname>/images/TestDir/
> >
> > but if I hit the following URL, it shows the image A.gif which needs to
> > have its access restricted.
> >
> > https://<hostname>/images/TestDir/A.gif
> >
> > Please let me know if this can be resolved.
> >
> >
> > Thanks,
> > Siva Prakash
> >
> >
> > On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory
> > <Rob.Gregory@ibsolutions.com> wrote:
> >
> > > While this is not a forum, nor is the mailing list about IIS, a quick
> > > suggestion and one we implement is to place a blank (or custom)
> > > index.html file into every directory within the site. This will then be
> > > served up when requests for resources are received.
> > >
> > > Hope that helps
> > > Rob
> > >
> > > > -----Original Message-----
> > > > From: Siva prakash I V [mailto:sivaprakash.iv@gmail.com]
> > > > Sent: 02 November 2010 14:08
> > > > To: users@tomcat.apache.org
> > > > Subject: Protecting static resources in IIS
> > > >
> > > > Hi,
> > > >
> > > > Though I know that this forum is not for IIS related questions, it will be
> > > > great if someone can help me out with the following problem.
> > > >
> > > > I need to protect the end user's access (through a URL) to the static resources
> > > > like the images directory in IIS but still allowing my app JSPs in Tomcat ROOT.
> > > >
> > > >
> > > > Thanks,
> > > > Siva Prakash
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
>
