-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I'm interested in locking-down my jk-status page so that certain users can view the information but not modify it. Unfortunately, the jk-status page is implemented using a single URL as a controller with GET-parameters controlling what actually happens. Even the "edit worker" page uses GET instead of POST, so I can't just disable POST for all but some blessed set of users. Does anyone have any suggestions for how jk-status could be locked-down? I'm guessing that a whole lot of mod_rewrite rules could do the trick by looking for certain "write" operations and rejecting them, but that would mean being very careful about a lot of "magic" that's being sent-around in URL parameters. Has anyone done anything like this before? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTmy2FAAoJEBzwKT+lPKRYZQYP/0vSiM2J5+WVC/MJ7xJZ8eIm SriYzs3PEck/45wKrdC1W36QAqM7cvrF3V4+ojMZlkCt5rUlmhwPN2owZcgNAcWw iO6jebIXbjlMIxV1BIFOl/IOMV4nL9AlBRsPiemhvUlJP1xzUPpAeXB0RDBXbtQe eHOGdyLaLVn8Ub9xrIKCbEthFS76u1KfprGoVT7x1hl/EZ0o5DJHOiQVYMmEdoRV aHGe6ogmXpi6oTG4khTGxYiCJSUOfyoeZpo5MJllqwy9Km7PpxFjRGoQndaDpC1U L7MKPyQe9c4vTMO277rPGRijd3v02kssdi4nKCmaWP0Uu5OwK8Y2URpH3kXaeDfG RzQ9gJY1WfuqwrTYh3l0vVFkPkkXi7Stlrb3Afxvf28taQB9CKQTdsvsj1Mt4nlL k+tJNS5E6xDbeQm8C3hx5fyiKJY4HC6SyjFcAPIWT/mRBKPbjVrzQugfDM9VhD/z GiNNh4jPsrPlmP5uDH+YBkKgHTrWEv+E0OFEAVLN93ETtPYfp4qVUN0ftk4BkWip /YJxnBM1YAu6teQQin2wsw0MPgNnbDvlB7Hg52o0QNEgKxJu0RL6Yw5XDQMqDOJc 8JX/XucW/X1ZHiKtcXDe5mElB7pFJYQufaZM/Q61vEJOXeA51OV9gUjsYelve2Ml 5XhZe/6I+FPf7YB+lPpt =Yjfd -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
