Remy Maucherat wrote:
Jean-Francois Arcand wrote:
It's not useless. Normal permissions are still turned on. It's only the package protection that is disabled. When disabled, Tomcat 5 is as unsecure as Tomcat 4 in term of sniffing/loading classes, but still secure in term of browsing the file system etc.
Possibly. But I don't know what you can do with access to the Tomcat internals, and hacking the container is a bad security problem IMO. I don't see how you could want half assed security. Oh wait, there's Window$, so I guess there are takers ;)
LOL
BTW, Tomcat 4 did package protection.
Yes. I was meaning the improvement we did 2 years ago that ends up adding all thoses doPrivileged blocks as well as the catalina.properties list.
-- Jeanfrancois
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]