i know this solution is anything but not secure. but the main point iin
doing this is a juristic question. if someone is able to put a war file
into the tomcat installed to your computer he can do probably anything
he wants to your computer. but if he is able to do so, this security
break is not the concern of me anymore, but the user's of this machine.
Gregor Schneider wrote:
Hi Stephan,
well, that's awkward.
Even if you are able to disable automatic deployment, anybody knowing
his ways around Tomcat will be able to change the settings again thus
make Tomcat load the other apps :(
my idea would be to write a valve checking which apps are installed:
If any other then your delivered apps are installed, Tomcat is
forwarding the request to a customized error-page.
however, even this solution will not prevent anybody from tampering.
HTH
Greg
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
