Register / Login
Portals and Portlets
posted 8 years ago
I asked this in Security but didn't get a response. Perhaps
it's more appropriate for the
How important is it to secure the JBoss/Tomcat Status page?
The question is related to this type of system design which
doesn't require login authentication.
An application handles secret URLs with a unique key e.g.
This page will allow access to a secret hosted file:
The idea is that users could then safely e-mail the URL.
A recipient would click the URL (which has the key) and it
would render the file by sending a HTTP GET request for it.
What are the implications of having the status page available.
Would there be a slight security risk of someone seeing the
GET request on this page and getting access to the content?
Unable to login to manager GUI
security-constraint not working
default index.jsp in IIS6 shows source code
Problem in configuring struts application
JBoss Status Page