DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42795>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42795
Summary: GET used for unsafe operations
Product: Tomcat 5
Version: 5.5.23
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Webapps:Manager
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: erharold@gmail.com
The Tomcat manager app (usually found at http://hostname:8080/manager/html) uses
HTTP GET and a links for unsafe operations such as restarting, redeploying,
starting and stopping the server. For example,
http://hostname:8080/manager/html/stop?path=/host-manager
Protecting the links with JavaScript "are you sure messages" is an unreliable
kludge.
These links should be redesigned to use POST instead of GET.
I suspect I don't have to explain the importance of this to this group, but just
in case:
http://www.w3.org/2001/tag/doc/whenToUseGet.html
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
|