tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: CSRF prevention filter and Tomcat 5/6
Date Mon, 10 May 2010 15:47:45 GMT
On 10/05/2010 13:25, Konstantin Kolinko wrote:
>> Thoughts?
>>
>
> It is possible to combine A+C:
>
> E. Use a different name for the new role that allows access to GUI
> interface only,
> "manager-gui", as well as new "manager-script", "manager-jmx", "manager-status".
>
> We can even rename "manager" ->  "manager-gui" in Tomcat 7.
>
> The "manager" role is preserved as is, but is documented as
> "deprecated" and is no longer recommended for use.

I like it. Neat solution.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message