tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <Peter.Crowt...@melandra.com>
Subject RE: redirection
Date Wed, 01 Apr 2009 14:58:56 GMT
> From: Gregor Schneider [mailto:rc46fi@googlemail.com]
> On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther
> <Peter.Crowther@melandra.com> wrote:
> >
> > And, indeed, that Apache + mod_security + mod_jk + Tomcat
> has fewer vulnerabilities than just Tomcat.
> >
>
> Since I'm interested on hard data, too, hand over the facts, please.

Quite.  If you look at the full original quote...

-- snip --
> From: fredk2 [mailto:fredk2@gmail.com]
[...]
> (assuming you do not use a WAF firewall).

And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just
Tomcat.
-- snip --

... I was re-using the "assuming" from the previous poster's brackets.  Sorry - I should have
made that more explicit.  Here's the re-stated version:

And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities
than just Tomcat.

I'd also be very interested to see the evidence (either way) on that.

                - Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message