tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Moore" <tmo...@blackboard.com>
Subject RE: Security threat with enabling invoker servlet in 4.1.12
Date Mon, 04 Nov 2002 18:13:20 GMT
> -----Original Message-----
> From: Budi Kurniawan [mailto:budik@cse.unsw.EDU.AU] 
> Sent: Friday, November 01, 2002 7:22 PM
> To: Tomcat Developers List
> Subject: Security threat with enabling invoker servlet in 4.1.12
> 
> 
> Hi,
> 
> I've browsed the user list for this question but could not 
> find the answer. Apologies if this is not the right question 
> for this list.
> 
> The release note in 4.1.12 says that the invoker servlet is 
> turned off in the default web.xml for security reasons. 
> However, in the examples app's web.xml the invoker is on.
> 
> My questions are:
> 1. What security threat is that?
> 2. If it is not safe to turn it on in the default web.xml, is 
> it safe to do so in the app web.xml?
> 
> thx,
> budi
> 

This probably is more appropriate for the user list, but to answer your
question, please see

http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg33723.html

and

http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg34918.html

-- 
Tim Moore / Blackboard Inc. / Software Engineer
1899 L Street, NW / 5th Floor / Washington, DC 20036
Phone 202-463-4860 ext. 258 / Fax 202-463-4863


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message