[英]How to hide DWR class index?
DWR publishes some index of classes under [context root]/dwr/
. DWR在
[context root]/dwr/
下发布一些类的索引。 The index contains links to more details about the services. 该索引包含指向有关服务的更多详细信息的链接。 This seems like information leakage to me and I would like to hide/unpublish these pages so they are not accesible.
对我来说,这似乎是信息泄漏,我想隐藏/取消发布这些页面,以使它们无法访问。
How can I configure DWR to hide this class index? 如何配置DWR以隐藏此类索引?
Found a great pentesting blog that talks about it here: http://gerionsecurity.com/2012/09/experiences-in-pentesting-dwr/ 在这里找到了一个讨论该问题的出色的渗透测试博客: http ://gerionsecurity.com/2012/09/experiences-in-pentesting-dwr/
Essentially you disable debugging in in web.xml when you configure the servlet. 本质上,当您配置servlet时,您在web.xml中禁用了调试。
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.