J2EE security question

Discussion in 'Java' started by Lian Liming, Jan 6, 2006.

  1. Lian Liming

    Lian Liming Guest

    Hi all,

    New to J2EE, forgive me if this is a silly question. I wonder what
    security problems will be caused if exposing the class's path on web
    server to the client side. For example, use "com.exmaple.test" in the
    form's action url.

    Thanks in advance!
     
    Lian Liming, Jan 6, 2006
    #1
    1. Advertising

  2. Lian Liming

    zero Guest

    "Lian Liming" <> wrote in news:1136540159.113501.181420
    @z14g2000cwz.googlegroups.com:

    > Hi all,
    >
    > New to J2EE, forgive me if this is a silly question. I wonder what
    > security problems will be caused if exposing the class's path on web
    > server to the client side. For example, use "com.exmaple.test" in the
    > form's action url.
    >
    > Thanks in advance!
    >
    >


    I don't know much about security or hacking, but it seems to me like you
    want potential hackers to know as little as possible about your system.
    Most platforms represent the path to class files as directory structures,
    so if you expose the class path, the hacker will know those directories
    exist. Although this may not be critical information, the less potential
    hackers know about your system, the better.

    --
    Beware the False Authority Syndrome
     
    zero, Jan 7, 2006
    #2
    1. Advertising

  3. Lian Liming

    Chris Smith Guest

    Lian Liming <> wrote:
    > New to J2EE, forgive me if this is a silly question. I wonder what
    > security problems will be caused if exposing the class's path on web
    > server to the client side. For example, use "com.exmaple.test" in the
    > form's action url.


    Are you worried about the classpath, or the package? There is certainly
    no risk at all to the class's package name ("com.example.test"). You
    may as well avoid exposing the classpath (approximately equivalent to
    "C:\theapp\WEB_INF\classes", although the idea of classpath doesn't
    apply cleanly to J2EE), although I don't see any large risk there.

    --
    www.designacourse.com
    The Easiest Way To Train Anyone... Anywhere.

    Chris Smith - Lead Software Developer/Technical Trainer
    MindIQ Corporation
     
    Chris Smith, Jan 7, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ryan Pape

    J2EE Security Design Question

    Ryan Pape, Sep 12, 2003, in forum: Java
    Replies:
    1
    Views:
    390
    Bryce (Work)
    Sep 12, 2003
  2. Ross M. Greenberg

    LAMP & J2EE as opposed to LAMP vs J2EE

    Ross M. Greenberg, Dec 12, 2004, in forum: Java
    Replies:
    6
    Views:
    1,405
    Robert kebernet Cooper
    Dec 24, 2004
  3. T.G.
    Replies:
    1
    Views:
    516
    Raymond DeCampo
    Jan 4, 2006
  4. mehdi mousavi
    Replies:
    0
    Views:
    1,045
    mehdi mousavi
    Feb 15, 2009
  5. Rajive Narain
    Replies:
    0
    Views:
    1,347
    Rajive Narain
    Sep 18, 2009
Loading...

Share This Page