tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve RemoteAddrValveForm.java RemoteHostValveForm.java ValveUtil.java
Date Tue, 11 Feb 2003 10:23:12 GMT
amyroh@apache.org wrote:
> amyroh      2003/02/10 18:27:15
> 
>   Modified:    webapps/admin build.xml
>                webapps/admin/WEB-INF/classes/org/apache/webapp/admin
>                         ApplicationResources_en.properties
>                         ApplicationResources_es.properties
>                webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve
>                         RemoteAddrValveForm.java RemoteHostValveForm.java
>                         ValveUtil.java
>   Log:
>   Add validation for RemoteAddrValve and  RemoteHostValve to prevent
>   installing a filter that prevents the admin's own access.

I don't understand what this does over the stanadard remote host/addr 
valves.
If the maintainer of server.xml wishes to deny access to the "admin", 
then he has the right to do so IMO. I don't agree with forcing the 
localhost to have access, essentially. I may have an idea of where this 
new "feature" is coming from ;-)

I'll have to veto this patch unless there is a real justification for 
it, other than (apparently) imaginary usability concerns (I will not 
integrate this patch in 4.1.20).

Remy


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message