tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Security Question
Date Thu, 25 Oct 2001 12:21:38 GMT

Hi there,
I have read the "Existing Risks and Problems" (Chapter 8 in the internal
document of the TC-3.3) and spotted that there is a potentional security
risk in using Tomcat as a platform for the Application Gateway to an
enterprise business support system.
One of very important subprojects I still need to solve is providing a
secure environment and currently we are constructing a sort of "Checking
Engine" that basically test every parameter against predescribed conditions
and reject all invalid requests.
Has anybody already thought about this or eventually produced some
code/concept?  I hope some of original contributors will also read this
I have some development resources allocated to this task, but would prefer
if we could join forces with other interested parties as this must be a
very important issue.

View raw message