• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Disabling doTrace method

 
kalle suresh
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

As a part of security audit, we need to disable the trace method. As per my knowledge, this trace method is enabled by default. We need to disable it through code only. Inorder to perform this, in my servlet code if i put the below code in my servlet
doTrace(req,res)
{
}
is sufficient. As the trace is called by the container, if we override the trace method, without any action, this overridden method will be called and default behaviour of the dotrace will be disabled. Am I right?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Am I right?

Yes, but you'll have to do it for all controllers. If you are using servlets 2.4, you could use a filter and check the HttpServletRequest#getMethod() returned value.
 
kalle suresh
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks a lot.
 
Ismet Togay
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys,

I think there is a better way: To prevent users from doing TRACE requests...
And it is not a programmatic but a declerative way..

You can just need to modify DD as the following:

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic