tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Tomcat 6: what are the risks of not using Security Manager
Date Wed, 14 Dec 2011 14:19:16 GMT
> From: jwklomp [mailto:janwillem.klomp@gmail.com] 
> Subject: Tomcat 6: what are the risks of not using Security Manager

> My question is: how secure is Tomcat without the Security Manager enabled

Tomcat itself is secure; it's your webapps you have to think about.  Can they be tricked into
doing things like writing to arbitrary locations in the server file system?  Only you can
determine that.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message