> -----Original Message----- > From: Budi Kurniawan [mailto:budik@;cse.unsw.EDU.AU] > Sent: Friday, November 01, 2002 7:22 PM > To: Tomcat Developers List > Subject: Security threat with enabling invoker servlet in 4.1.12 > > > Hi, > > I've browsed the user list for this question but could not > find the answer. Apologies if this is not the right question > for this list. > > The release note in 4.1.12 says that the invoker servlet is > turned off in the default web.xml for security reasons. > However, in the examples app's web.xml the invoker is on. > > My questions are: > 1. What security threat is that? > 2. If it is not safe to turn it on in the default web.xml, is > it safe to do so in the app web.xml? > > thx, > budi >
This probably is more appropriate for the user list, but to answer your question, please see http://www.mail-archive.com/tomcat-dev@;jakarta.apache.org/msg33723.html and http://www.mail-archive.com/tomcat-dev@;jakarta.apache.org/msg34918.html -- Tim Moore / Blackboard Inc. / Software Engineer 1899 L Street, NW / 5th Floor / Washington, DC 20036 Phone 202-463-4860 ext. 258 / Fax 202-463-4863 -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
