Hiding href path on hover and source code


I am trying to prevent a directory traversal attack on my JSP. As well as sanitising the URL parameters, I want to not expose the directory structure altogether. Is there a way for me to hide/alter the path that the user sees and also in the source code properly?


There is 1 answer

3
tnabil On

One approach is to place your JSPs under the WEB-INF folder. The servlet engine will restrict direct access to any files under the WEB-INF folder, which achieves your goal.

To be able to use this approach, all your links and form actions should map to servlets or a similar component in the framework you're using (e.g. actions in Struts, controllers in Spring MVC, etc.). You cannot expose direct links to JSP pages (which is a bad idea anyway).

For example, if you're using Spring MVC, the link will point to a URL which is mapped to a Controller. The controller will retrieve the data required to be displayed on the JSP and then forward to the JSP (using the appropriate Spring MVC approach).

HTH
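
The approach from the answer above, sketched with the plain Servlet API as an added example (not code from the original post). The class name, the `/app/*` mapping, the page names and the JSP paths are assumptions for illustration, as is the `javax.servlet` namespace (newer containers use `jakarta.servlet`).

```java
// Added example: front servlet that forwards to JSPs kept under /WEB-INF.
// Class name, URL mapping, page names and JSP paths are assumptions.
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/app/*")
public class PageServlet extends HttpServlet {

    // Fixed allowlist: public URL segment -> JSP location inside WEB-INF.
    // The request never contributes any part of the file path.
    private static final Map<String, String> VIEWS = Map.of(
        "/home",    "/WEB-INF/jsp/home.jsp",
        "/profile", "/WEB-INF/jsp/profile.jsp",
        "/reports", "/WEB-INF/jsp/reports/list.jsp");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getPathInfo() is the part of the URL after /app; null for "/app".
        String page = req.getPathInfo();
        String jsp = (page == null) ? null : VIEWS.get(page);

        if (jsp == null) {
            // Unknown names and "../" sequences fail the exact-match lookup
            // and get the same 404, with no file path echoed back.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        // Data the JSP needs would be loaded here and set as attributes.
        req.setAttribute("page", page.substring(1));

        // Server-side forward: the address bar stays at /app/home; the
        // /WEB-INF/jsp/... location is never sent to the browser.
        req.getRequestDispatcher(jsp).forward(req, resp);
    }
}
```

Links inside the JSPs should be written against the public names (for example `/app/profile`), so the rendered HTML source also contains no file-system paths.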