tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session PersistentManagerBase.java StandardManager.java StandardSession.java
Date Fri, 19 Nov 2004 00:17:50 GMT
jfarcand@apache.org wrote:

>jfarcand    2004/11/18 14:13:36
>
>  Modified:    catalina/src/share/org/apache/catalina/core Tag: TOMCAT_5_0
>                        ApplicationContextFacade.java
>                        ApplicationDispatcher.java
>                        ApplicationFilterChain.java StandardWrapper.java
>               catalina/src/share/org/apache/catalina/security Tag:
>                        TOMCAT_5_0 SecurityUtil.java
>               catalina/src/share/org/apache/catalina/session Tag:
>                        TOMCAT_5_0 PersistentManagerBase.java
>                        StandardManager.java StandardSession.java
>  Log:
>  When the package protection is not used, do not create the doPrivileged objects so we
don't suffer the performance hit (15% faster with trade2 and this change). Also fixed a memory
leak when security manager is turned on.
>
Fixing leaks is good :)

I have a question:
Can it ever happen that package access is disabled ? Tomcat is probably 
not secure without those checks. So what is the purpose of the change 
exactly ?
 
Rémy


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message