I am trying to prevent directory traversal attack on my jsp. As well as sanitising the URL parameters, I want to not expose the directory structure altogether. Is there a way for me to hide/alter the path that the user sees and also in the source code properly?
Hiding href path on hover and source code
361 views Asked by obsessiveCookie At
1
There are 1 answers
Related Questions in JAVA
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- How to catch WM_DEVICECHANGE in a control other than TForm?
- show information with Rolling / moving messages delphi xe7
- What is the different between "Console target" and "GUI target" in DCC32 option?
- How to add new online ressources to RAD Studio help system
- C# and Delphi code have different behaviour when importing unmanaged dll
- Loop through records on a cxgrid and update a field/column
- Delphi 7 - Save to a Specific .INI Files Name
- TImagelist for large images
- how to modify a function so it returns an array of strings
Related Questions in JSP
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- How to catch WM_DEVICECHANGE in a control other than TForm?
- show information with Rolling / moving messages delphi xe7
- What is the different between "Console target" and "GUI target" in DCC32 option?
- How to add new online ressources to RAD Studio help system
- C# and Delphi code have different behaviour when importing unmanaged dll
- Loop through records on a cxgrid and update a field/column
- Delphi 7 - Save to a Specific .INI Files Name
- TImagelist for large images
- how to modify a function so it returns an array of strings
Related Questions in PATH
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- How to catch WM_DEVICECHANGE in a control other than TForm?
- show information with Rolling / moving messages delphi xe7
- What is the different between "Console target" and "GUI target" in DCC32 option?
- How to add new online ressources to RAD Studio help system
- C# and Delphi code have different behaviour when importing unmanaged dll
- Loop through records on a cxgrid and update a field/column
- Delphi 7 - Save to a Specific .INI Files Name
- TImagelist for large images
- how to modify a function so it returns an array of strings
Related Questions in HREF
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- How to catch WM_DEVICECHANGE in a control other than TForm?
- show information with Rolling / moving messages delphi xe7
- What is the different between "Console target" and "GUI target" in DCC32 option?
- How to add new online ressources to RAD Studio help system
- C# and Delphi code have different behaviour when importing unmanaged dll
- Loop through records on a cxgrid and update a field/column
- Delphi 7 - Save to a Specific .INI Files Name
- TImagelist for large images
- how to modify a function so it returns an array of strings
Related Questions in COPY-PROTECTION
- How to not load all database records in my TListbox in Firemonkey Delphi XE8
- How to catch WM_DEVICECHANGE in a control other than TForm?
- show information with Rolling / moving messages delphi xe7
- What is the different between "Console target" and "GUI target" in DCC32 option?
- How to add new online ressources to RAD Studio help system
- C# and Delphi code have different behaviour when importing unmanaged dll
- Loop through records on a cxgrid and update a field/column
- Delphi 7 - Save to a Specific .INI Files Name
- TImagelist for large images
- how to modify a function so it returns an array of strings
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
One approach is to place your JSPs under the WEB-INF folder. The servlet engine will restrict direct access to any files under the WEB-INF folder, which achieves your goal.
To be able to use this approach, all your links and form actions should map to servlets or a similar component in the framework you're using (e.g. actions in Struts, controllers in Spring MVC, etc.). You cannot expose direct links to JSP pages (which is a bad idea anyway).
For example, if you're using Spring MVC, the link will point to a URL which is mapped to a Controller. The controller will retrieve the data required to be displayed on the JSP and then forwards to the JSP (using the appropriate Spring MVC approach).
HTH