tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Taglang, Guillaume" <Guillaume.Tagl...@paybox.net>
Subject RE: Outstanding bugs before 3.2 final?
Date Thu, 21 Sep 2000 18:59:35 GMT
> [...] 
> I agree that stack traces may be dangerous to display to unknown,
> untrusted users in some cases.  (They reveal information about
> internal filesystem and class structures which could be used as part
> of a crack.)
> 
> However, I am strongly -1 for disabling them across the board, without
> providing a config option.
> 
> Specifically, they should be ON BY DEFAULT, and we should add a
> <suppress-stack-traces/> option to server.xml somewhere (not sure
> where -- another delay while we figure this out).
> 

It's just my point of view, but security should be the default mode.

  Guillaume

Mime
View raw message