> From: Gregor Schneider [mailto:rc4...@googlemail.com] > On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther > <peter.crowt...@melandra.com> wrote: > > > > And, indeed, that Apache + mod_security + mod_jk + Tomcat > has fewer vulnerabilities than just Tomcat. > > > > Since I'm interested on hard data, too, hand over the facts, please.
Quite. If you look at the full original quote... -- snip -- > From: fredk2 [mailto:fre...@gmail.com] [...] > (assuming you do not use a WAF firewall). And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. -- snip -- ... I was re-using the "assuming" from the previous poster's brackets. Sorry - I should have made that more explicit. Here's the re-stated version: And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat. I'd also be very interested to see the evidence (either way) on that. - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
