tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session PersistentManagerBase.java StandardManager.java StandardSession.java
Date Fri, 19 Nov 2004 17:20:31 GMT
Jean-Francois Arcand wrote:

> Actually, my next steps is to allows empty field in 
> catalina.properties, which will disable the mechanism (next commit 
> :-)). Right now you can only disable the mechanism by removing the 
> catalina.properties or if you use the Embedded interfance.
>
> By default I still want to keep Tomcat as secure as possible, but 
> leave the door open for disabling the mechanism. As an example, when 
> Tomcat gets benchmarked against other unsecure container with security 
> turned on, people will think Tomcat is slower, which is not right.

I don't understand. This configuration will make security useless, so 
what's the point ? Why not just disable security if it's going to be 
useless ?

Rémy


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message