Hello,
In my playing around with security, I've been attempting to break-out
the AllPermission for the $(catalina.home}/server classes into
something more granular to allow more refined tweaking. Here's what I
have so far:
grant codeBase "file:${catalina.home}/server/-" {
permission java.
Glenn Nielsen wrote:
[snip]
>
> Glad to hear you had success using Tomcat with the Java SecurityManager.
> Where I work we have several different installs of Tomcat. All of them
> use a much more restrictive policy file than the default catalina.policy.
> At one point the Tomcat 4 Security Man
Glenn Nielsen wrote:
>
> I am pleased to see the interest in security issues.
>
> But when developing solutions for security issues we need to remember
> that Tomcat4 can use the Java SecurityManager. And in almost all
> cases the security needed can be achieved by using catalina.policy.
> We
Hello,
I'm currently looking into the security issues pertaining to enabling
this by default. I followed the conversation for why it is the way
it is, but now that I'm actually in the guts of the thing, I don't
think I fully understand.
The issue as I remember it is that the SsiExec class in se
