Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/11/12 10:51:47 UTC
svn commit: r1713997 - in /tomcat/trunk: conf/web.xml webapps/docs/cgi-howto.xml
Author: markt
Date: Thu Nov 12 09:51:47 2015
New Revision: 1713997
URL: http://svn.apache.org/viewvc?rev=1713997&view=rev
Log:
Make clear that the CGI debug page is not considered secure
Modified:
tomcat/trunk/conf/web.xml
tomcat/trunk/webapps/docs/cgi-howto.xml
Modified: tomcat/trunk/conf/web.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/conf/web.xml?rev=1713997&r1=1713996&r2=1713997&view=diff
==============================================================================
--- tomcat/trunk/conf/web.xml (original)
+++ tomcat/trunk/conf/web.xml Thu Nov 12 09:51:47 2015
@@ -340,7 +340,12 @@
<!-- Recommended value: WEB-INF/cgi -->
<!-- -->
<!-- debug Debugging detail level for messages logged -->
- <!-- by this servlet. [0] -->
+ <!-- by this servlet. If set to 10 or more the -->
+ <!-- standard error page mechanism will be -->
+ <!-- disabled and a debug page shown instead. The -->
+ <!-- debug page is not considered secure and -->
+ <!-- should not be enabled for production systems. -->
+ <!-- [0] -->
<!-- -->
<!-- executable Name of the executable used to run the -->
<!-- script. [perl] -->
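Review bot: The added comment for debug drops the "if an error occurs" condition that cgi-howto.xml keeps, so "If set to 10 or more the standard error page mechanism will be disabled and a debug page shown instead" reads as if the debug page replaces every response. Suggest wording it the same way as the how-to, for example "If set to 10 or more and an error occurs, the standard error page mechanism will be disabled and a debug page shown instead", so the two descriptions of the same parameter do not diverge. The comment also omits the how-to's statement that values of 10 or more add debug info to the HTTP response, which is the behaviour an operator reading only web.xml most needs to know before raising the level.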
Modified: tomcat/trunk/webapps/docs/cgi-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/cgi-howto.xml?rev=1713997&r1=1713996&r2=1713997&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/cgi-howto.xml (original)
+++ tomcat/trunk/webapps/docs/cgi-howto.xml Thu Nov 12 09:51:47 2015
@@ -101,8 +101,9 @@ by this servlet. Useful values range fro
means maximum logging. Values of 10 or more mean maximum logging plus debug info
added to the HTTP response. If an error occurs and debug is 10 or more the
standard error page mechanism will be disabled and a response body with debug
-information will be produced. Note that any value of 10 or more has the same
-effect as a value of 10. Default is <code>0</code>.</li>
+information will be produced. The debug page is not considered secure and should
+not be enabled for production systems. Note that any value of 10 or more has the
+same effect as a value of 10. Default is <code>0</code>.</li>
<li><strong>executable</strong> - The of the executable to be used to
run the script. You may explicitly set this parameter to be an empty string
if your script is itself executable (e.g. an exe file). Default is
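Review bot: The added sentence "The debug page is not considered secure and should not be enabled for production systems" gives no reason, and it sits between the description of the behaviour and the "any value of 10 or more" note where it is easy to skim past. Suggest tying it to what the paragraph already says, namely that the response body carries debug information to whoever made the request, and moving the warning to the end of the list item or marking it up so it stands out. Separately, the unchanged context line for executable reads "The of the executable to be used", which is missing a word; web.xml has "Name of the executable used to run the script", so "The name of the executable" would match and could be fixed in the same commit.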