0 Replies Latest reply on Jul 24, 2008 3:31 AM by david_c

    JBoss Status Page

      Perhaps I should have asked this in the Beginner's forum but it is a security-related question.

      How important is it to secure the JBoss/Tomcat Status page? e.g. domain.com/status

      If an application handles secret URLs with a unique key rather than relying on a login e.g.
      domain.com/show.do?key=0123456789ABCDEF

      and that web page renders content which is a secret hosted file:
      domain.com/files/0123456789ABCDEF.ext

      Users then exchange the links to a recipient with the private URL.
      The files are fetched with an HTTP GET request. What are the implications
      of having the status page publicly available? Would there be a slight
      security risk of someone seeing the GET requests on this page and
      accessing the content?
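
One way to check, from the defender's side, whether clients outside your own network have been fetching the status page. This is an added example, not part of the original post: it scans access-log lines for requests to `/status` from untrusted addresses. The Common Log Format, the sample lines and the trusted networks are assumptions, and the sample data is constructed.

```python
import ipaddress
import re

# Constructed sample lines in Common Log Format (not from the original post).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jul/2008:03:10:01 +0000] "GET /status HTTP/1.1" 200 5120
203.0.113.7 - - [24/Jul/2008:03:11:42 +0000] "GET /status HTTP/1.1" 200 18234
192.0.2.44 - - [24/Jul/2008:03:11:50 +0000] "GET /status HTTP/1.1" 401 0
198.51.100.23 - - [24/Jul/2008:03:12:09 +0000] "GET /show.do?key=0123456789ABCDEF HTTP/1.1" 200 911
203.0.113.7 - - [24/Jul/2008:03:13:00 +0000] "GET /statusboard HTTP/1.1" 404 0
"""

# Assumption: networks allowed to read the status page (adjust to your site).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8", "::1/128")]

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def is_status_path(target):
    """True for /status and anything under it, ignoring the query string."""
    path = target.split("?", 1)[0]
    return path == "/status" or path.startswith("/status/")

def is_trusted(client):
    """A client is trusted only if it parses as an address inside TRUSTED_NETS."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # logged as a hostname: cannot be shown to be internal
    return any(addr in net for net in TRUSTED_NETS)

def external_status_hits(log_text):
    """Return (client, time, target, http_status) for untrusted /status requests."""
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        client, when, target, status = m.groups()
        if is_status_path(target) and not is_trusted(client):
            hits.append((client, when, target, int(status)))
    return hits

def served_hits(log_text):
    """Untrusted requests that were actually answered with the page (2xx)."""
    return [h for h in external_status_hits(log_text) if 200 <= h[3] < 300]

if __name__ == "__main__":
    for hit in served_hits(SAMPLE_LOG):
        print("status page served to untrusted client:", hit)
```

A 401 or 403 in the results means the page was requested but refused; a 2xx means its contents went to a client outside the trusted networks.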