The deployXML attribute in the server.xml is defaulted to true. In the Tomcat Docs it states this: Security consious environments should set this to false to prevent applications from interacting with the container's configuration. Can anyone explain what the exposure might be by leaving this to value defaulted to true? What type of damage a problem applications could possibly do? The doc's are very vague in this regard.
Thanks in advance
