I am trying to prevent directory traversal attack on my jsp. As well as sanitising the URL parameters, I want to not expose the directory structure altogether. Is there a way for me to hide/alter the path that the user sees and also in the source code properly?
Hiding href path on hover and source code
383 views Asked by obsessiveCookie At
1
There are 1 answers
Related Questions in JAVA
- arduino find text in webpage
- Arduino serial works fine with Debian but hangs with Raspbian
- Need help getting value from html slider on yun to arduino value
- Arduino RPM Detection
- How do you do forward declarations in arduino code?
- ESP8266 and Arduino Interfacing
- Async HTTP Request and Arduino
- Arduino NearBus NearbusEther_v16.h: No such file or directory
- Arduino data type confusion. Have string, need const char?
- Connecting a USB serial device to the Arduino directly
Related Questions in JSP
- arduino find text in webpage
- Arduino serial works fine with Debian but hangs with Raspbian
- Need help getting value from html slider on yun to arduino value
- Arduino RPM Detection
- How do you do forward declarations in arduino code?
- ESP8266 and Arduino Interfacing
- Async HTTP Request and Arduino
- Arduino NearBus NearbusEther_v16.h: No such file or directory
- Arduino data type confusion. Have string, need const char?
- Connecting a USB serial device to the Arduino directly
Related Questions in PATH
- arduino find text in webpage
- Arduino serial works fine with Debian but hangs with Raspbian
- Need help getting value from html slider on yun to arduino value
- Arduino RPM Detection
- How do you do forward declarations in arduino code?
- ESP8266 and Arduino Interfacing
- Async HTTP Request and Arduino
- Arduino NearBus NearbusEther_v16.h: No such file or directory
- Arduino data type confusion. Have string, need const char?
- Connecting a USB serial device to the Arduino directly
Related Questions in HREF
- arduino find text in webpage
- Arduino serial works fine with Debian but hangs with Raspbian
- Need help getting value from html slider on yun to arduino value
- Arduino RPM Detection
- How do you do forward declarations in arduino code?
- ESP8266 and Arduino Interfacing
- Async HTTP Request and Arduino
- Arduino NearBus NearbusEther_v16.h: No such file or directory
- Arduino data type confusion. Have string, need const char?
- Connecting a USB serial device to the Arduino directly
Related Questions in COPY-PROTECTION
- arduino find text in webpage
- Arduino serial works fine with Debian but hangs with Raspbian
- Need help getting value from html slider on yun to arduino value
- Arduino RPM Detection
- How do you do forward declarations in arduino code?
- ESP8266 and Arduino Interfacing
- Async HTTP Request and Arduino
- Arduino NearBus NearbusEther_v16.h: No such file or directory
- Arduino data type confusion. Have string, need const char?
- Connecting a USB serial device to the Arduino directly
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
One approach is to place your JSPs under the WEB-INF folder. The servlet engine will restrict direct access to any files under the WEB-INF folder, which achieves your goal.
To be able to use this approach, all your links and form actions should map to servlets or a similar component in the framework you're using (e.g. actions in Struts, controllers in Spring MVC, etc.). You cannot expose direct links to JSP pages (which is a bad idea anyway).
For example, if you're using Spring MVC, the link will point to a URL which is mapped to a Controller. The controller will retrieve the data required to be displayed on the JSP and then forwards to the JSP (using the appropriate Spring MVC approach).
HTH