tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonatan Aguirre Kobayashi <jona.agui...@gmail.com>
Subject Re: Fwd: Tomcat 7: Compatibility problems
Date Wed, 01 Dec 2010 23:10:01 GMT
Christofer, i used the invoker to prototype applications more faster, if you
put your product to production the invoker has several security problems.

thanks for the answer!

2010/12/1 Christopher Schultz <chris@christopherschultz.net>

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jonatan,
>
> On 12/1/2010 8:35 AM, Jonatan Aguirre Kobayashi wrote:
> > Can i implement the Servlet Invoker using annotations?
>
> The invoker servlet is completely unnecessary and was only available in
> older versions of the spec for backward-compatibility.
>
> The invoker was an idea that should have never made it into the spec in
> the first place because it introduces security problems and violates the
> principle of least surprise.
>
> The invoker was only ever good for lazy web app designers.
>
> The invoker does /not/ need to be re-build for your project. Instead,
> properly map them in web.xml per the specification and rest assured that
> you are safer for having done so.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkz2lWwACgkQ9CaO5/Lv0PD+9gCbBq0l2u7zpXsvi36+fVVffoEl
> 8AcAn2kCV3LKSQ7oB2U4FWYFHSe3GdRy
> =82nS
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message