tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <>
Subject Re: cvs commit: jakarta-tomcat-4.0/catalina/src/conf web.xml
Date Fri, 12 Oct 2001 23:55:48 GMT
> So if this is true for all servlets as you say shouldn't we disable
> Managerservlet and webdav servlet also? Or are they within a
> securityconstrain?

WebDAV is not a problem (it doesn't allow any access outside the webapp's
root, just the same as the DefaultServlet).

The manager is more a problem, although it shouldn't allow you to do a lot
(like start/stop some contexts). I'll put a fix for that kind of problem
(and it's actually be the first important 4.0 -> 4.0.1 change - although the
change itself will be small).


View raw message