Remy Maucherat wrote:
Jean-Francois Arcand wrote:

It's not useless. Normal permissions are still turned on. It's only the package protection that is disabled. When disabled, Tomcat 5 is as unsecure as Tomcat 4 in term of sniffing/loading classes, but still secure in term of browsing the file system etc.


Possibly. But I don't know what you can do with access to the Tomcat internals, and hacking the container is a bad security problem IMO. I don't see how you could want half assed security. Oh wait, there's Window$, so I guess there are takers ;)

LOL


BTW, Tomcat 4 did package protection.

Yes. I was meaning the improvement we did 2 years ago that ends up adding all thoses doPrivileged blocks as well as the catalina.properties list.


-- Jeanfrancois



Rémy


--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]



--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]



Reply via email to