tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bip Thelin" <Bip.The...@razorfish.com>
Subject RE: cvs commit: jakarta-tomcat-4.0/catalina/src/conf web.xml
Date Fri, 12 Oct 2001 21:27:33 GMT
> -----Original Message-----
> From: costinm@covalent.net [mailto:costinm@covalent.net] 
> 
< [...]
> As long as you leave SSIServlet ( or any other servlet ) installed any
> webapp can declare it - and then use it. When the servlet is
> executed it'll be called directly by the server, with 
> AllPermissions ( since no
> 'user' code would be in the calling path ). The sandbox can't protect
> against things happening outside the box.

So if this is true for all servlets as you say shouldn't we disable
Managerservlet and webdav servlet also? Or are they within a
securityconstrain?

	-bip

Mime
View raw message