• Post Reply Bookmark Topic Watch Topic
  • New Topic

JBoss/Tomcat Status

John Boss
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I asked this in Security but didn't get a response. Perhaps
it's more appropriate for the JBoss discussion forum.

How important is it to secure the JBoss/Tomcat Status page?
The question is related to this type of system design which
doesn't require login authentication.

An application handles secret URLs with a unique key e.g.

This page will allow access to a secret hosted file:

The idea is that users could then safely e-mail the URL.
A recipient would click the URL (which has the key) and it
would render the file by sending a HTTP GET request for it.

What are the implications of having the status page available.
Would there be a slight security risk of someone seeing the
GET request on this page and getting access to the content?
Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!