tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim McNerney <tmcner...@userinterface.com>
Subject RE: Tomcat Security Vulnerability
Date Fri, 06 Oct 2000 20:17:54 GMT
Just a general note. Using a firewall to protect a port or using IP
filtering or changing the port number are not fixes to the security
problem. They are workarounds. Being able to shut down the server
remotely is a serious security hole and needs to be treated as such.
Some of the responders seem to realize this while others didn't. But
make no mistake, offering "use a firewall" as a solution will quickly
lead to many people loosing faith in the viability of Tomcat as a
commercial grade servlet solution. 

"Use a firewall" is only a reasonable solution for the problems you
don't know about. If its a problem you know about, you need to fix the
problem.

--Tim

Mime
View raw message