tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yoav Shapira" <yo...@apache.org>
Subject Re: Removing the examples (JSP/servlet) in TC Binaries
Date Mon, 09 Jul 2007 13:40:22 GMT
Hey,

On 7/9/07, jean-frederic clere <jfclere@gmail.com> wrote:
> The examples (servlet and JSP) have caused a list of security issues.
> I think we should remove them from the Tomcat binary packages (6.0 and
> 5.x at least).
> Any comments?

I'd like to leave them in, as they're amazingly useful, especially for
beginners and/or new users.  Those kind of users are most likely to
use the binary packages.

Practically all the example-related security issues can be worked
around by commenting out and/or removing the examples webapps from
production servers.  That's good enough for me.

Yoav

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message