tomcat-dev mailing list archives

From Jon Stevens <...@latchkey.com>
Subject Re: Tomcat Security Vulnerability
Date Mon, 09 Oct 2000 17:44:07 GMT
on 10/9/2000 10:36 AM, "cmanolache@yahoo.com" <cmanolache@yahoo.com> wrote:

> I don't want this to sound too bad - tomcat is the result of many
> individuals contributing code they feel is needed. I contributed the
> original implementation of Ajp12 for tomcat, and my goal was to make it
> easy for people to transition from jserv2.0 to tomcat. In my experience
> with web servers I haven't met too many production sites without a
> firewall (and tomcat3.0 and before used a simple RMI mechanism that had
> no extra password).
> 
> I personally believe that a firewall and/or IP-level rules are the best
> solution to allow/deny access to a certain port. I may be wrong, and it's
> clear other people have different opinions - but that's my experience and
> what I think. 
> 
> Costin

If there is a hole that can be easily fixed (or was even *fixed* at one
point) then it should be fixed again by the person who broke it.

-jon

-- 
http://scarab.tigris.org/    | http://noodle.tigris.org/
http://java.apache.org/      | http://java.apache.org/turbine/
http://www.working-dogs.com/ | http://jakarta.apache.org/velocity/
http://www.collab.net/       | http://www.sourcexchange.com/


