> Maybe the first question should be : why do you want to run this with the > Security Manager ? > As far as I understand this, the SM only really helps, if otherwise unsecure > applications can be deployed within your JVM. Is that the case, or do you > know and control all the applications from the start ?
Isn't it more like a dog and a muzzle? In theory if you know the dog and it is always friendly, there is no need to use one. However if all dogs wore muzzles, there would be less dog attacks. IMHO security in depth is about making things harder for the bad guys. Adding a security manager should do this, if it is configured correctly. BTW I am not saying that I actually do this, just that I think that everyone should to make it harder for when the bad guys break into your app Chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
