tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject deployXML question.
Date Wed, 26 Apr 2006 16:58:31 GMT

The deployXML attribute in the server.xml is defaulted to true.  

In the Tomcat Docs it states this:
Security consious environments should set this to false to prevent
applications from interacting with the container's configuration. 
Can anyone explain what the exposure might be by leaving this to value
defaulted to true?  What type of damage a problem applications could
possibly do?
The doc's are very vague in this regard.

Thanks in advance

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message