|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Adam Manock (abmanock
earthlink.net)Date: Mon Mar 25 2002 - 06:28:54 CST
From the Tomcat-user list, anyone know any more?
>During development and deployment I discovered
>that many types of errors while reading the web.xml
>file would result in the app coming up (at least
>partly), but with no security.
>
>This seems like a serious security exposure in
>a production environment.
>
>I believe this is potentially a serious security
>exposure and suggest that tomcat should never
>allow access to the app if it has any problems
>reading the web.xml file or establishing any of
>the security environment.
>
>Frank Lawlor
>Athens Group, Inc.
>(512) 345-0600 x151
>Athens Group, an employee-owned consulting firm integrating technology
>strategy and software solutions.
Adam
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]