tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <>
Subject Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf web.xml
Date Sun, 14 Oct 2001 19:52:49 GMT
> Using -security and a properly configured catalina.policy can help protect
> But the jar files for these servlets should be relocated outside of the
> server/lib directory to make it easier to grant a different security
> to these servlets from the core of catalina.

Since the default configuration should be secure, I renamed the two JARs to
non-JAR files (and added instructions to enable them. I also fixed a problem
where it was also possible to get around the sandboxing by using the manager
(which now will only get loaded by a privileged context).


View raw message