Hi Charlie, >> no, I don't use a security manager. My machine is secure, so I am not >> concerned about rogue servlets somehow making their way to my system. I >> would be more concerned about it if we had a more developers, used third >> party software(non-open source), etc.
Hum, that's an interesting statement... I once read the following somewhere: "If you don't know how to break it, that doesn't mean it's secure". However, I also tend to trust my own software. But how do you explain that to your customers? Using the exact words you used above, I guess ;-) Hi Carsten, > Imho, the Security manager is one of the easier things to configure (TC > 3.3), and its use helps to clarify things and find bugs earlier. That's right - but 3.3 is not my problem: I'm running 4.0.3 (and I have to - large parts of the code depend on the servlet 2.3/ jsp 1.2 spec). Do you have any experience with it? Regards, Kim -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>