On Fri, 11 May 2001, Benjamin Chad wrote:
> Hi,
> What security development still needs to be done on Tomcat?
Depends on what you mean by "security" :-)
If you're talking about authentication -> we need to better integrate
Tomcat with auth mechanisms in the web server (that should be part of the
connector work).
If you're talking about sandboxing -> testing and a lot of code review is
needed.
For "anti-hacking" -> review of the Static file server, maybe a clean
library that would allow servers to get files without being tricked by
the OS (like case sensitivity, etc.). We have some code, but it needs cleanup,
review - maybe rewrite.
Also: SSL certificate auth is missing (in 3.3).
If you need more ideas - just let me know :-)
Costin
>
> I'm in a group at university that needs to find a security software
> project.
>
> Cheers,
> Ben.
>
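The file-lookup check mentioned in the reply above, sketched as an added example; it is not part of the original message and not Tomcat's code. The class name `StaticFileResolver`, its `resolve` method and the sample tree are hypothetical. It serves a file only when the name the OS resolves is spelled exactly as the request spelled it and lies under the document root.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Hypothetical helper, written for this example only.
public class StaticFileResolver {
    private final File root; // canonical document root

    public StaticFileResolver(File docRoot) throws IOException {
        this.root = docRoot.getCanonicalFile();
    }

    /** Returns the file to serve, or null when the request must be refused. */
    public File resolve(String urlPath) throws IOException {
        // Refuse characters and segments that the OS may reinterpret.
        if (urlPath.indexOf('\0') >= 0 || urlPath.indexOf('\\') >= 0) return null;
        for (String seg : urlPath.split("/")) {
            if (seg.equals(".") || seg.equals("..")) return null;
        }
        File requested = new File(root, urlPath);
        File canonical = requested.getCanonicalFile();
        // Containment: the resolved file must stay under the document root.
        if (!canonical.toPath().startsWith(root.toPath())) return null;
        // Exact spelling: on a case-insensitive file system the canonical path
        // carries the on-disk case, so a differently cased request is refused
        // and any case-sensitive access rule saw the name the OS really opened.
        // Symbolic links and other OS-level aliases fail the same comparison.
        if (!canonical.getPath().equals(requested.getPath())) return null;
        return canonical.isFile() ? canonical : null;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree: <tmp>/docs/Index.html
        File root = Files.createTempDirectory("docroot").toFile();
        File docs = new File(root, "docs");
        docs.mkdir();
        Files.write(new File(docs, "Index.html").toPath(), "hello".getBytes());

        StaticFileResolver resolver = new StaticFileResolver(root);
        String[] requests = {
            "/docs/Index.html", "/docs/index.html", "/docs/../docs/Index.html"
        };
        for (String p : requests) {
            String verdict = resolver.resolve(p) != null ? "serve" : "refuse";
            System.out.println(p + " -> " + verdict);
        }
    }
}
```

Only the first request is served: the second is refused on a case-sensitive file system because no such file exists and on a case-insensitive one because the canonical spelling differs, and the third is refused for its `..` segment.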