Discussion
Apple Inc
US
Posted: Jan 30, 2019
Last activity: Jan 30, 2019
Last activity: 30 Jan 2019 12:40 EST
Closed
Security - Users/Hackers are able to get the active connection list using PRTraceServlet URL
We don't want to disable the PRTraceServlet URL as it is one of the important tool to trace critical issues in higher envs.
Users are trying to hit this URL to get the connection list
/prweb/PRTraceServlet?pzDebugRequest=GetConnectionList
Is there any way to restrict this URL only to developers?
Thanks