• Post Reply Bookmark Topic Watch Topic
  • New Topic

JBoss/Tomcat Status  RSS feed

John Boss
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I asked this in Security but didn't get a response. Perhaps
it's more appropriate for the JBoss discussion forum.

How important is it to secure the JBoss/Tomcat Status page?
The question is related to this type of system design which
doesn't require login authentication.

An application handles secret URLs with a unique key e.g.

This page will allow access to a secret hosted file:

The idea is that users could then safely e-mail the URL.
A recipient would click the URL (which has the key) and it
would render the file by sending a HTTP GET request for it.

What are the implications of having the status page available.
Would there be a slight security risk of someone seeing the
GET request on this page and getting access to the content?
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!