tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Rumney <jrum...@attlabs.att.com>
Subject Re: Tomcat Security Vulnerability
Date Mon, 09 Oct 2000 08:13:49 GMT
cmanolache@yahoo.com writes:

> I'm all +1 for removing the shutdown option form mod_jserv or to remove
> mod_jserv completely. 

mod_jserv is not the problem. It HAS security mechanisms (see
ApJServSecretKey). It is the Tomcat interface to mod_jserv that is
lacking in security features.


-- 
Jason Rumney <jrumney@attlabs.att.com>
AT&T Labs (Redditch, UK)


Mime
View raw message