Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
Cheers
Jean-Frederic
-
To unsubscribe, e-mail:
I'm not sure. They provide an easy entry point for people using Tomcat
because it is so simple to just use them. There are a couple of choices:
- leave the examples in the download and take their security serious.
This is what we do now.
- leave the examples in the download, but don't bother
Hey,
On 7/9/07, jean-frederic clere [EMAIL PROTECTED] wrote:
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
I'd like to leave them in, as they're amazingly useful,
Rainer Jung wrote:
I'm not sure. They provide an easy entry point for people using Tomcat
because it is so simple to just use them. There are a couple of choices:
- leave the examples in the download and take their security serious.
This is what we do now.
good choice...
- leave the
Just FYI, on Gentoo we do not install or provide the examples by
default. One must set the examples USE flag for examples to be
installed. Because of such they were kinda moot issues for the recent
security issues for us on Gentoo.
Most running TC in production, or are actually using it for
It's nice if *someone* provides good reference examples; consider the mess
in PHP development-by-example that's left the web in a half-usable state.
Good reference examples? Do you want to encourage people to code
getRequestDispatcher.forward() by hand? Or do you want them using one of
the
William L. Thomson Jr. wrote:
Just FYI, on Gentoo we do not install or provide the examples by
default. One must set the examples USE flag for examples to be
installed. Because of such they were kinda moot issues for the recent
security issues for us on Gentoo.
Same thing on OpenBSD; there's a
09, 2007 11:13 AM
To: Tomcat Developers List
Subject: Re: Removing the examples (JSP/servlet) in TC Binaries
William L. Thomson Jr. wrote:
Just FYI, on Gentoo we do not install or provide the examples by
default. One must set the examples USE flag for examples to be
installed. Because
jean-frederic clere wrote:
Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
If the examples are broken, then we have serious problems,
either with examples or with
Leech, Jonathan wrote:
My 2 cents:
- Don't install the examples by default.
- Implement them in straight .jsp / servlets etc w/o using frameworks.
- Encourage each framework to implement the same examples using their
framework.
Fair enough. How about installing by default a very simple
-
From: Ian Darwin [mailto:[EMAIL PROTECTED]
Sent: Monday, July 09, 2007 11:40 AM
To: Tomcat Developers List
Subject: Re: Removing the examples (JSP/servlet) in TC Binaries
Leech, Jonathan wrote:
My 2 cents:
- Don't install the examples by default.
- Implement them in straight .jsp / servlets etc
jean-frederic clere wrote:
Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
+0.
If they are removed I would suggest replacing them with a page that
points to the
Mladen Turk wrote:
jean-frederic clere wrote:
Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
If the examples are broken, then we have serious problems,
either with
13 matches
Mail list logo