Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > J2EE security question

Reply
Thread Tools

J2EE security question

 
 
Lian Liming
Guest
Posts: n/a
 
      01-06-2006
Hi all,

New to J2EE, forgive me if this is a silly question. I wonder what
security problems will be caused if exposing the class's path on web
server to the client side. For example, use "com.exmaple.test" in the
form's action url.

Thanks in advance!

 
Reply With Quote
 
 
 
 
zero
Guest
Posts: n/a
 
      01-07-2006
"Lian Liming" <(E-Mail Removed)> wrote in news:1136540159.113501.181420
@z14g2000cwz.googlegroups.com:

> Hi all,
>
> New to J2EE, forgive me if this is a silly question. I wonder what
> security problems will be caused if exposing the class's path on web
> server to the client side. For example, use "com.exmaple.test" in the
> form's action url.
>
> Thanks in advance!
>
>


I don't know much about security or hacking, but it seems to me like you
want potential hackers to know as little as possible about your system.
Most platforms represent the path to class files as directory structures,
so if you expose the class path, the hacker will know those directories
exist. Although this may not be critical information, the less potential
hackers know about your system, the better.

--
Beware the False Authority Syndrome
 
Reply With Quote
 
 
 
 
Chris Smith
Guest
Posts: n/a
 
      01-07-2006
Lian Liming <(E-Mail Removed)> wrote:
> New to J2EE, forgive me if this is a silly question. I wonder what
> security problems will be caused if exposing the class's path on web
> server to the client side. For example, use "com.exmaple.test" in the
> form's action url.


Are you worried about the classpath, or the package? There is certainly
no risk at all to the class's package name ("com.example.test"). You
may as well avoid exposing the classpath (approximately equivalent to
"C:\theapp\WEB_INF\classes", although the idea of classpath doesn't
apply cleanly to J2EE), although I don't see any large risk there.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best JAVA/ J2EE Training Institute in Delhi, Live Projects onJAVA/J2EE, Short term Java courses are also available. Rajive Narain Java 0 09-18-2009 10:48 AM
Shine J2EE Framework 1.2 Vs. J2EE Frameworks mehdi mousavi Java 0 02-15-2009 04:55 PM
j2ee SDK, javax.* and j2ee implementations T.G. Java 1 01-04-2006 08:22 PM
LAMP & J2EE as opposed to LAMP vs J2EE Ross M. Greenberg Java 6 12-24-2004 09:59 PM
J2EE Security Design Question Ryan Pape Java 1 09-12-2003 07:40 PM



Advertisments