On 25.11.2013 12:42, Ognjen Blagojevic wrote:
I also think it would be very usefull if 401 error page for manager application does not example password "s3cret", but randomly generated long password unique for every request. I guess there is a number of Tomcat instances out there with username "tomcat" and passoword "s3cret", and that needs to be prevented.
Can you elaborate on that? What do you mean by randomly passwords for 401 pages? -- Mikolaj Rydzewski <m...@ceti.pl> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
