tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19483] - tomcat-users.xml is reset to read all
Date Wed, 30 Apr 2003 15:38:03 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19483

tomcat-users.xml is reset to read all





------- Additional Comments From robert.widmer@omv.com  2003-04-30 15:38 -------
A feature!?
The admin webapp can be used to configure Tomcat and to change passwords. The
user with admin role is also in tomcat-users.xml. So everybody can read the
admin password, login to the admin webapp and do anything he wants. I would not
call that a feature...

What can be done to hide the admin webapp admin password?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message