On Tue, 2 Nov 2010 21:18:02 +0530, Siva prakash I V <sivaprakash...@gmail.com> wrote:

My app contains a sequence of images, e.g. A/11.gif, A/12.gif, ...,
A/19.gif, B/21.gif, etc.
These images are used to identify a valid user of my app.
As these images are easily guessable, it may be easy for anyone to download
all possible images and may lead to a phishing attack.
Having said that, I can't place my images in Tomcat and get them served by a
servlet (a performance penalty), and neither can I change my image names to
ones which are not easily guessable.
My Tomcat app JSPs should continue using the existing images.

Smells like security by obscurity...

Hint: how do you want your legitimate clients to access those images if they are well protected?

--
Mikolaj Rydzewski <m...@ceti.pl>
