tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session
Date Fri, 19 Nov 2004 17:20:31 GMT
Jean-Francois Arcand wrote:

> Actually, my next steps is to allows empty field in 
>, which will disable the mechanism (next commit 
> :-)). Right now you can only disable the mechanism by removing the 
> or if you use the Embedded interfance.
> By default I still want to keep Tomcat as secure as possible, but 
> leave the door open for disabling the mechanism. As an example, when 
> Tomcat gets benchmarked against other unsecure container with security 
> turned on, people will think Tomcat is slower, which is not right.

I don't understand. This configuration will make security useless, so 
what's the point ? Why not just disable security if it's going to be 
useless ?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message