1 Reply Latest reply on Dec 9, 2008 12:12 AM by amitev

    Securing xml

    hardaur
    hardaur Dec 8, 2008 3:26 PM

      This almost has to be a stupid question, but I'm lost on it.


      From the browser I can access my page.xml files.


      For instance:  http://www.myhost.com/whatever/admin/userManager.page.xml


      From there if you View Source, it's there for you.  I don't have anything I'm super worried about in there, but it could give a potential attacker some hints as to architecture, security and whatnot.


      What's the right way to secure those resources (and any other non-xhtml resources that may be in the view tree).


      Thanks!
      Gerald


      • 57 Views
      • Tags:
        • 1. Re: Securing xml
          amitev
          amitev Dec 9, 2008 12:12 AM (in response to hardaur)

          Put the following in web.xml:


           <security-constraint>
  <web-resource-collection>
   <web-resource-name>XML</web-resource-name>
   <url-pattern>*.xml</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
 </security-constraint>



          This is a candidate for the documentation.

            • Actions