You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/10/25 19:18:20 UTC
BugRat Report #306 has been filed.
Bug report #306 has just been filed.
You can view the report at the following URL:
<http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/306>
REPORT #306 Details.
Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment:
Release: Tomcat 3.2 beta 6
JVM Release: 1.3
Operating System: NT
OS Release: 2000
Platform: Intel
Synopsis:
HTTP continues to work (it should not) if using a <transport-guarantee> of CONFIDENTIAL in the web.xml file.
Description:
When a web.xml file reads as follows:
<web-app>
<security-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
HTTP should no longer work. Only HTTPS should work when accessing HTML pages or Servlets in that particular WebApp.
This is not the case: HTTP continues to work.
-Alan Bron
PROS Revenue Management
abron@prosrm.com