> -Original Message-
> From: Budi Kurniawan [mailto:budik@;cse.unsw.EDU.AU]
> Sent: Friday, November 01, 2002 7:22 PM
> To: Tomcat Developers List
> Subject: Security threat with enabling invoker servlet in 4.1.12
>
>
> Hi,
>
> I've browsed the user list for this question but could not
Thanks Martin,
budi
On Mon, 4 Nov 2002, Martin Algesten wrote:
> The invoker servlet allows for anyone to call your servlets using their
> class names. This is not a problem as long as you are happy with that.
> In my case I have some internal servlets (used as a poor substitute for
> RMI) where I
The invoker servlet allows for anyone to call your servlets using their
class names. This is not a problem as long as you are happy with that.
In my case I have some internal servlets (used as a poor substitute for
RMI) where I map the servlets to be under /internal/some.servlet and
then prote
