tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve
Date Tue, 11 Feb 2003 10:23:12 GMT wrote:
> amyroh      2003/02/10 18:27:15
>   Modified:    webapps/admin build.xml
>                webapps/admin/WEB-INF/classes/org/apache/webapp/admin
>                webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve
>   Log:
>   Add validation for RemoteAddrValve and  RemoteHostValve to prevent
>   installing a filter that prevents the admin's own access.

I don't understand what this does over the stanadard remote host/addr 
If the maintainer of server.xml wishes to deny access to the "admin", 
then he has the right to do so IMO. I don't agree with forcing the 
localhost to have access, essentially. I may have an idea of where this 
new "feature" is coming from ;-)

I'll have to veto this patch unless there is a real justification for 
it, other than (apparently) imaginary usability concerns (I will not 
integrate this patch in 4.1.20).


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message