Reputation: 329
Url exposes the application directory
In my WCF service application , images are saved into application directory. So in one of the service call, it returns the image(http request to the url- http://mydomain:88/Images/Tree/test.png) to the client application.( a mobile application). The url exposes the application directory, so is this a good practice? All the call to the service is protected using basic authentication. But still is this good practice to exposing the directory structure in url?
Thanks.
Upvotes: 0
Views: 80
Answers (1)
Reputation: 3693
All you've done is expose a little information to the world about your directory structure behind the scenes - probably not a "best practice". But generally, I'd say you're safe if:
- you don't expose the directories to browsing (like via an IIS setting)
- the web service or proxy is located behind a firewall within a DMZ
- the WCF requests are authenticated/authorized before
content is delivered.
You can fix this without too much work, though. Assuming the "Test.png" is the file the client is trying to download, change the host-side endpoint so that it's just ".../Images/Tree/Connect" that receives the file name as a parameter in the Get(). The host and clients would have to change, but it's not a big change.
Upvotes: 1
Related Questions
- How to get working path of a wcf application?
- Placing WCF service in folder throws 404
- relative url in wcf service binding
- Directory not found error in WCF service call in IIS
- Endpoint not found when accessing via URL in a browser
- Absolute path is not working for WCF Service
- WCF getting the phisical path of URL adress
- problem with url when calling wcf service by httpWebRequest
- Relative paths in WCF service hosted in IIS
- Running WCF service shows directory listing instead of the service