Is it a security risk to display the file path inside WEB-INF java
I wonder if this would be a potential security risk. I have a Java Servlet Web Application and at the bottom of each page, I generate a "message problem" link that includes the original request URL as well as the path to the JSP that the request was sent to. The point is that JSP pages are sometimes found in the WEB-INF folder. Is this a potential security risk? How can I display WEB-INF content?
It can indicate that the request was sent to /WEB-INF/views/user/ViewUser.jsp, for example.
You can remove part of the path while printing the path, and I don't understand why users need to know from which JSP the request was sent. Otherwise, this is not a very big issue as Servlet containers won't serve any content in WEB-INF. By putting your JSPs there, you prevent anyone from accessing the JSP directly by navigating to it in the browser by name.
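One way to do the path trimming the answer suggests, as an added example that is not code from the question or the answer: the report link carries a short view name instead of the internal JSP path. The class name ReportLink, the /report endpoint, the url and view parameter names, and the /WEB-INF/views/ root (taken from the question's example path) are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public final class ReportLink {
    // Assumed view root, based on the example path in the question.
    private static final String VIEW_ROOT = "/WEB-INF/views/";
    private static final String SUFFIX = ".jsp";

    /**
     * Maps an internal JSP path to a short public label, e.g.
     * "/WEB-INF/views/user/ViewUser.jsp" becomes "user/ViewUser".
     * Anything outside the expected layout becomes "unknown", so an
     * unexpected internal path is never echoed to the browser.
     */
    static String publicViewName(String jspPath) {
        if (jspPath == null || !jspPath.startsWith(VIEW_ROOT) || !jspPath.endsWith(SUFFIX)) {
            return "unknown";
        }
        String name = jspPath.substring(VIEW_ROOT.length(), jspPath.length() - SUFFIX.length());
        // Accept only plain segments; this rejects "", "..", and doubled slashes.
        if (!name.matches("[A-Za-z0-9_]+(/[A-Za-z0-9_]+)*")) {
            return "unknown";
        }
        return name;
    }

    /** Builds the report link; both values are URL-encoded as query parameters. */
    static String reportUrl(String endpoint, String requestUrl, String jspPath) {
        return endpoint
                + "?url=" + URLEncoder.encode(requestUrl, StandardCharsets.UTF_8)
                + "&view=" + URLEncoder.encode(publicViewName(jspPath), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values for illustration.
        String link = reportUrl("/report",
                "https://example.test/user?id=7",
                "/WEB-INF/views/user/ViewUser.jsp");
        // HTML-escape the result when writing it into an href attribute in the JSP.
        System.out.println(link);
    }
}
```

The support side can map the view name back to the full JSP path, since the prefix and suffix are fixed.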