Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 76136 invoked from network); 11 Feb 2003 10:23:13 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 11 Feb 2003 10:23:13 -0000 Received: (qmail 25438 invoked by uid 97); 11 Feb 2003 10:24:56 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 25431 invoked from network); 11 Feb 2003 10:24:56 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 11 Feb 2003 10:24:56 -0000 Received: (qmail 75131 invoked by uid 500); 11 Feb 2003 10:23:03 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 75094 invoked from network); 11 Feb 2003 10:23:02 -0000 Received: from icarus.apache.org (208.185.179.13) by daedalus.apache.org with SMTP; 11 Feb 2003 10:23:02 -0000 Received: (qmail 95196 invoked from network); 11 Feb 2003 10:23:00 -0000 Received: from unknown (HELO apache.org) (127.0.0.1) by localhost.apache.org with SMTP; 11 Feb 2003 10:23:00 -0000 Message-ID: <3E48CF10.8070705@apache.org> Date: Tue, 11 Feb 2003 11:23:12 +0100 From: Remy Maucherat Organization: ASF User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030114 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: cvs commit: jakarta-tomcat-4.0/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve RemoteAddrValveForm.java RemoteHostValveForm.java ValveUtil.java References: <20030211022715.82714.qmail@icarus.apache.org> In-Reply-To: <20030211022715.82714.qmail@icarus.apache.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: localhost.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N amyroh@apache.org wrote: > amyroh 2003/02/10 18:27:15 > > Modified: webapps/admin build.xml > webapps/admin/WEB-INF/classes/org/apache/webapp/admin > ApplicationResources_en.properties > ApplicationResources_es.properties > webapps/admin/WEB-INF/classes/org/apache/webapp/admin/valve > RemoteAddrValveForm.java RemoteHostValveForm.java > ValveUtil.java > Log: > Add validation for RemoteAddrValve and RemoteHostValve to prevent > installing a filter that prevents the admin's own access. I don't understand what this does over the stanadard remote host/addr valves. If the maintainer of server.xml wishes to deny access to the "admin", then he has the right to do so IMO. I don't agree with forcing the localhost to have access, essentially. I may have an idea of where this new "feature" is coming from ;-) I'll have to veto this patch unless there is a real justification for it, other than (apparently) imaginary usability concerns (I will not integrate this patch in 4.1.20). Remy --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org