tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Is there a better way to disable JSESSIONID in the URLs?
Date Thu, 19 Aug 2010 03:19:23 GMT

Wesley,

On 8/17/2010 6:05 PM, Wesley Acheson wrote:
> I know of no better way to fix this. This is what we *had* to do to
> pass PCI too so it's no small deal.

Wow, who made you disable jsessionids in URLs to achieve PCI compliance?
Whoever did that doesn't understand Java webapp security. Or Internet
security for that matter. :(

Of course, there might just be some heavy-handed PCI requirements that
the working group pulled out of their asses in a few minutes and then
got on with a great deal of self-congratulations for making the Internet
"safe".

-chris
