tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RE: deployXML question.
Date Mon, 01 May 2006 17:57:00 GMT
Could anyone shed some litght on this question? Or possibly point me in
the right direction for documentation.


-----Original Message-----
Sent: Wednesday, April 26, 2006 12:59 PM
To: Tomcat Users List
Subject: deployXML question.

The deployXML attribute in the server.xml is defaulted to true.  

In the Tomcat Docs it states this:
Security consious environments should set this to false to prevent
applications from interacting with the container's configuration. 
Can anyone explain what the exposure might be by leaving this to value
defaulted to true?  What type of damage a problem applications could
possibly do?
The doc's are very vague in this regard.

Thanks in advance

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message