tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@apache.org>
Subject Re: CSRF prevention filter and Tomcat 5/6
Date Tue, 11 May 2010 10:26:11 GMT
+1 to E

-Tim

On 5/10/2010 11:47 AM, Mark Thomas wrote:
> On 10/05/2010 13:25, Konstantin Kolinko wrote:
>>> Thoughts?
>>>
>>
>> It is possible to combine A+C:
>>
>> E. Use a different name for the new role that allows access to GUI
>> interface only,
>> "manager-gui", as well as new "manager-script", "manager-jmx",
>> "manager-status".
>>
>> We can even rename "manager" -> "manager-gui" in Tomcat 7.
>>
>> The "manager" role is preserved as is, but is documented as
>> "deprecated" and is no longer recommended for use.
>
> I like it. Neat solution.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message