Howdy,
Hmm... That's a badly coded webapp because it's not portable, specific
to tomcat.
Implications: slightly reduced security in case there's a bug in the
org.apache.catalina.session class/package that the webapp is exploiting.
I haven't heard of such a bug, but who knows.
Don't give this access unless you have to. Instead, the user should not
write their webapp to use any tomcat-specific (or for that matter,
server-specific) classes. Their webapp should be coded to the servlet
specification.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: webmaster [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2003 6:19 PM
To: Tomcat Users List
Subject: Special permission in a webapp.
Hi all,
I have a user that needs the following permission in its webapp.
java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.session
What are the implications of giving up such a permission ?
Thanks !!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged. This
e-mail is intended only for the individual(s) to whom it is addressed, and may not be
saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
intended recipient, please immediately delete this e-mail from your computer system
and notify the sender. Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]