Sensitive URLs in JTS are exposed


Venkat Raman (192) | asked May 13, 3:22 a.m.

We observed that the sensitive URLs related to IBM JTS are exposed publicly. We are planning to prevent disclosure of sensitive URLs by disabling it in the application. How do we perform this activity?


Need help on this!

One answer



David Honey (2356) | answered May 13, 4:34 a.m.
JAZZ DEVELOPER
Please be specific about what types of URLs you mean - give some examples.
And what do you mean by "exposed publicly"?

For the most part, URLs tend to be opaque and not reveal sensitive data. For example, the URI of a project area includes the id of the project area and the URI of a JTS user includes the user id, but in both cases reveals no other information about the project area or the user respectively. Given the user specifies the id in both cases, they can choose not to reveal anything sensitive in that id. In other cases, the URIs include GUIDs (such as repo item ids) which reveal no sensitive data.

Comments
Ralph Schoon commented May 13, 7:59 a.m. | edited May 13, 8:48 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
The whole question does not make any sense to me and lacks any detail that would enable even trying to answer it. Right, what does "exposed publicly" even mean? What is a sensitive URL? Exposed to what? Can be accessed by whom?

It is your responsibility to decide how and from where your servers are accessible.
