On 2 Nov 2010, at 15:48, Siva prakash I V <sivaprakash...@gmail.com> wrote:
> Hi Rob,
>
> My app contains a sequence of images like for eg. A/11.gif, A/12.gif, ....
> A/19.gif, B/21.gif... etc.
> These images are used to identify a valid user of my app.
> As these images are easily guessable, it may be easy for anyone to download
> all possible images and may lead to phishing attack.
> Having said that I can't place my images in Tomcat and get it served by a
> servlet( a performance penalty )

You've presumably conducted some performance tests which led you to this conclusion?

In this case a Servlet Filter which checks the request against the current user's credentials and returns a 403 for unauthorised access would be a low cost option.


p

> and neither I can change my image names to
> ones which are not easily guessable.
> My tomcat app jsps should continue using the existing images.
>
> On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory
> <rob.greg...@ibsolutions.com> wrote:
>
>> Hi Siva,
>>
>> The only way I know of protecting an 'actual' request for a specific
>> resource is to remove the resource from the web server. I can't see why
>> you would want to stop access to something when it is actually requested
>> otherwise what would be the point of deploying it (if nothing can access
>> it). Sorry if I misunderstand the question.
>>
>>> -----Original Message-----
>>> From: Siva prakash I V [mailto:sivaprakash...@gmail.com]
>>> Sent: 02 November 2010 14:44
>>> To: Tomcat Users List
>>> Subject: Re: Protecting static resources in IIS
>>>
>>> Firstly, Thanks for the info.
>>>
>>> I've done what you've said.
>>>
>>> Consider my directory structure as below in IIS.
>>>
>>> <IISROOT>/images/TestDir/A.gif
>>> <IISROOT>/images/TestDir/index.html (newly introduced one)
>>>
>>> If I hit the following url, it shows the index.html
>>> https://<hostname>/images/TestDir/
>>>
>>> but if I hit the following url, it shows the image A.gif which needs to be
>>> restricted its access.
>>>
>>> https://<hostname>/images/TestDir/A.gif
>>>
>>> Please let me know if this can be resolved.
>>>
>>> Thanks,
>>> Siva Prakash
>>>
>>> On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory
>>> <rob.greg...@ibsolutions.com> wrote:
>>>
>>>> While this is not a forum nor is the mailing list about IIS a quick
>>>> suggestion and one we implement is to place a blank (or custom)
>>>> index.html file into every directory within the site. This will then be
>>>> served up when requests for resources are received.
>>>>
>>>> Hope that helps
>>>> Rob
>>>>
>>>>> -----Original Message-----
>>>>> From: Siva prakash I V [mailto:sivaprakash...@gmail.com]
>>>>> Sent: 02 November 2010 14:08
>>>>> To: users@tomcat.apache.org
>>>>> Subject: Protecting static resources in IIS
>>>>>
>>>>> Hi,
>>>>>
>>>>> Though I know that this forum is not for IIS related questions, It will be
>>>>> great if someone can help me out with the following problem.
>>>>>
>>>>> I need to protect the end user's access (thru a url) to the static resources
>>>>> like images directory in IIS but still allowing my app jsps in Tomcat ROOT.
>>>>>
>>>>> Thanks,
>>>>> Siva Prakash

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
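
The Servlet Filter suggested in the reply above, sketched as an added example (it is not code from the thread or from Tomcat). It only covers requests that actually reach Tomcat, so it assumes the images are served through the webapp under `/images/*` rather than directly by IIS; the class name, the `allowedImageDirs` session attribute and the `/images/<dir>/<file>.gif` layout are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Map to /images/* in web.xml (javax.servlet API; newer containers use jakarta.servlet). */
public class ImageAccessFilter implements Filter {
    // Hypothetical attribute set at login: image directories this user may read, e.g. {"A"}.
    static final String ALLOWED_DIRS = "allowedImageDirs";
    // Strict allow-list for the assumed layout; anything else (.., ;params, odd names) is refused.
    static final Pattern IMAGE_PATH =
            Pattern.compile("^/images/([A-Za-z0-9]+)/[A-Za-z0-9]+\\.gif$");

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Container-decoded path relative to the context root, e.g. /images/A/11.gif
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());

        HttpSession session = req.getSession(false);   // do not create a session for anonymous hits
        Object allowed = (session == null) ? null : session.getAttribute(ALLOWED_DIRS);

        if (allowed instanceof Set && isPermitted(path, (Set<?>) allowed)) {
            // Per-user image: keep it out of shared caches.
            res.setHeader("Cache-Control", "private, no-store");
            chain.doFilter(rq, rs);
        } else {
            // Same answer for "not logged in", "wrong directory" and "malformed path".
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** True only when the path matches the expected layout and its directory is allowed. */
    static boolean isPermitted(String path, Set<?> allowedDirs) {
        Matcher m = IMAGE_PATH.matcher(path);
        return m.matches() && allowedDirs.contains(m.group(1));
    }
}
```

If IIS keeps serving the same files from its own document root, requests for them never pass through this filter, so the direct IIS path to the images would have to be closed as well.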