tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61489] Disable creation of command line parameters from GET parameters in the URL
Date Tue, 05 Sep 2017 07:35:48 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61489

--- Comment #1 from jm009 <jan0michael@yahoo.com> ---
Why I suggest to disable this feature by default:

1) I never saw a servlet that uses this feature

2) I suppose, this feature comes from the beginnings of the internet, when
people wanted to run some system command by clicking on a link, and the term
"security" was not yet used in computer science :-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message