tomcat-dev mailing list archives

From Jon Stevens <>
Subject Re: Tomcat Security Vulnerability
Date Mon, 09 Oct 2000 17:44:07 GMT
on 10/9/2000 10:36 AM, "" <> wrote:

> I don't want this to sound too bad - tomcat is the result of many
> individuals contributing code they feel is needed. I contributed the
> original implementation of Ajp12 for tomcat, and my goal was to make it
> easy for people to transition from jserv2.0 to tomcat. In my experience
> with web servers I haven't met too many production sites without a
> firewall (and tomcat3.0 and before used a simple RMI mechanism that had
> no extra password).
> I personally believe that a firewall and/or IP-level rules are the best
> solution to allow/deny access to a certain port. I may be wrong, and it's
> clear other people have different opinions - but that's my experience and
> what I think. 
> Costin

If there is a hole that can be easily fixed (or was even *fixed* at one
point) then it should be fixed again by the person who broke it.

