Mel Martinez wrote:
> --- Bip Thelin <[EMAIL PROTECTED]> wrote:
>
[snip]
>>
>> +1 on having CGI in web.xml but commented out,
>> regarding SSI I suggest
>> we add a configure property(like Apaches NoExec)
>> that set's whether #exec is
>> allowed or not. And if that property is not set it
>> defaults to NoExec.
>>
>> So for a standard setup SSI would be allowed but
>> you'd have to bug your
>> Tomcat sysadmin to have the #exec option enabled.
>> Sort of like a standard Apache setup.
>>
>> ..bip
>
>
> +1 on what Bip said.
Cool -- regardless of the security manager settings we decide on, I will
submit with the web.xml entry commented out as requested.
>
> mel
>
Chrs,
Martin
