Security of legacy app

Not sure if you’ve noticed, for old web service call of a cfc using cfinvoke or the like, we would point to the web service cfc file directly, for instance, http://111.222.333.444/websrv/mysrv.cfc?wsdl with other parameters etc…

Now, if you just run this http://111.222.333.444/websrv/mysrv.cfc by hand with a browser, you’ll see the full path of this mysrv.cfc file, something like d:\mylucee\webapps\root\websrv\mysrv.cfc
not a good idea to me…