Win a copy of AWS Security this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

Best practice link configuration

 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whats the recommended way to specify links?
My pages have links to xxx.do anfd then a single mapping in the config file for the xxx.do to use xxxAction.
Doesn't this rather give any potential naughty chaps the knowledge that I'm using Struts. Should I be disguising the links in some way or adding another level of indirection?
Thanks,
Louise
 
Ranch Hand
Posts: 1258
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So far as I know, it would only matter if there was some giant security fault that people could exploit. Who cares if they know you're using Struts if they can't exploit it. You could always change the action servlet filter to pretend it's using something more primitive like *.html or *.cgi, or something arbitrary like *.hireme.
I don't see many people explcitly changing it though -- the traditinal "do" seems adequate for most.
 
Seriously? That's what you're going with? I prefer this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!
https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
    Bookmark Topic Watch Topic
  • New Topic