堆栈内存溢出
  简体   繁体   English

如何隐藏DWR类索引?

[英]How to hide DWR class index?

 原文  2016-11-10 15:38:43       dwr

问题描述

DWR publishes some index of classes under [context root]/dwr/ . DWR在[context root]/dwr/下发布一些类的索引。 The index contains links to more details about the services. 该索引包含指向有关服务的更多详细信息的链接。 This seems like information leakage to me and I would like to hide/unpublish these pages so they are not accesible. 对我来说,这似乎是信息泄漏,我想隐藏/取消发布这些页面,以使它们无法访问。

How can I configure DWR to hide this class index? 如何配置DWR以隐藏此类索引?

1 个解决方案

解决方案1
 0 已采纳  2016-11-10 15:49:33

Found a great pentesting blog that talks about it here: http://gerionsecurity.com/2012/09/experiences-in-pentesting-dwr/ 在这里找到了一个讨论该问题的出色的渗透测试博客: http ://gerionsecurity.com/2012/09/experiences-in-pentesting-dwr/

Essentially you disable debugging in in web.xml when you configure the servlet. 本质上,当您配置servlet时,您在web.xml中禁用了调试。 

<servlet>
  <servlet-name>dwr-invoker</servlet-name>
  <servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>false</param-value>
  </init-param>
</servlet>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在DWR中自定义dwr.util.useLoadingMessage()? - how to customize dwr.util.useLoadingMessage() in DWR? 在dwr.xml中,如何从全局过滤器中排除某些类? - In dwr.xml how to exclude some class or classes from global filter? 如何在DWR中设置ajaxFilter? - How to setup ajaxFilter in DWR? 未生成DWR class.js文件 - DWR class.js file not generated 如果我的Java类返回xml数据,我该如何处理DWR。 - How can i handle with DWR.. if my java class return xml data 如何解析DWR返回的对象数组? - How to parse arrays of objects returned by DWR? 如何使用DWR addRows函数在顶部添加行 - How to add row at the top with DWR addRows function 如何找到Dwr会话检查示例和站点? - How to find Dwr session check example and site? 直接 Web 远程处理 (DWR) 如何工作? - How does Direct Web Remoting (DWR) work? 如何使角度等待DWR呼叫响应? - How to make angular wait for response of DWR Call?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM