On 12/06/2012 06:57, Caldarale, Charles R wrote:
From: N.s.Karthik [mailto:nskarthi...@gmail.com]
Subject: HttpOnly
Tomcat 6.0.10
For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET.
Sorry, but there is simply no excuse for using a version of Tomcat that's over
five years old.
There may be a sound business rationale for using old versions of
software.
Tomcat 5.5.9, for example, works as well now as it did when it was
judged ready to be a stable release.
If there are no bugs or missing features in it which affect the
security or functionality of an application, then there is no benefit
from upgrading, but there will be costs and risks:
* downtime and manpower for the upgrade
* recommissioning/retesting: unless *all* acceptance tests are
automated, this can be far more expensive than deploying the
upgrade
* risk of introducing new bugs in new code
In general, older software is better understood and less risky than
new software, and if it meets requirements, is preferable.
Paul Singleton
Note that the value of the useHttpOnly attribute for the<Context> element is
false in 6.0.x, but true in 7.0.x. Whether or not the attribute even exists on such
an ancient level of Tomcat is something you'll have to look up yourself.
Try a current version and see if the issue persists.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
