On 22/10/2012 14:18, Wiley, Maxie wrote: > ALL, > > Is it possible to remove an installation of a compiler on a production web > server(tomcat)? If there is a way to remove the compiler or is it required in > order for the system to function properly. Could you please send me a > precise summary of why and any steps that can be taken to mitigate any > potential risk associated with the compiler remaining in place.This is for s > security issue on my production system.
Why does this enhance security? If someone has sufficient access to the machine to use the compiler shipped with Tomcat, you are already in a lot more trouble than they will be able to inflict just by having access to Tomcat's JDT compiler. p -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
