[jboss-user] [Security & JAAS/JBoss] - JBoss Status Page

Thursday, 24 July 2008

Perhaps I should have asked this in the Beginner's forum but it is a security related
question. 

How important is it to secure the JBoss/Tomcat Status page? e.g. domain.com/status

If an application handles secret URLs with a unique key rather than relying on a login
e.g.
domain.com/show.do?key=0123456789ABCDEF

and that web page renders content which is a secret hosted file:
domain.com/files/0123456789ABCDEF.ext

Users then exchange the links to a recipient with the private URL.
The files are fetched with a HTTP GET request. What are the implications
of having the status page publicly available. Would there be a slight
security risk of someone seeing the GET requests on this page and 
accessing the content?

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4166326#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - JBoss Status Page