tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: [PATCH]Virtual Host Choice on HTML Manager
Date Mon, 05 Jan 2004 19:57:28 GMT
Glenn Nielsen wrote:
> This breaks security for virtual hosting by allowing anyone who can
> authenticate to use the manager to manage all virtual hosts.
> Though this may be easier for you it prevents me from administering
> a Tomcat server where multiple virtual hosta are managed by different
> customers.
> 
> Therfor I am -1 for applying this patch.
> 
> An acceptable patch would be to extend the existing manager class with
> a new class which implements this "feature".  Then those administering
> Tomcat can choose which version of the manager they want to install.

I agree with this.
Is one manager per vhost really too much to ask ? (since different 
principals will be needed in many situations)

There are a use cases for the feature, of course, so I'm ok with having 
an extension class that could replace the default manager servlet.

Rémy



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message