Deacon Marcus at [EMAIL PROTECTED] wrote:
> Hi,
>
>> -----Original Message-----
>> From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
>> Sent: Saturday, August 18, 2001 10:44 AM
>> To: tomcat dev jakarta.apache.org
>> Subject: CGI wrapper in Tomcat 4.0 b7
>>
> [...]
>>
>> (BTW, wouldn't it be wise to disable CGI execution in the default
>> configuration? I don't know, after hearing people running Tomcat
>> as root, I
>> feel we really should!)
>
> You mean it's _enabled_ by _default_ ??
Err, whops... YES :) But that's why we still call 4.0 beta, don't we? :)
> /me is running to his server's console to immediately disable CGI before one
> of his customers find out it's enabled and it's too late ;/
Well, thank god that my Nessus run found it out yesterday night...
It's configured in the conf/web.xml configuration file...
> Greetings, deacon Marcus
Pier
