You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "BATCHELOR, SCOTT (CONTRACTOR)" <SC...@DFAS.MIL> on 2006/05/01 19:57:00 UTC

RE: deployXML question.

Could anyone shed some litght on this question? Or possibly point me in
the right direction for documentation.

Thanks, 
			


-----Original Message-----
From: BATCHELOR, SCOTT (CONTRACTOR) [mailto:SCOTT.BATCHELOR@dfas.mil] 
Sent: Wednesday, April 26, 2006 12:59 PM
To: Tomcat Users List
Subject: deployXML question.


The deployXML attribute in the server.xml is defaulted to true.  

In the Tomcat Docs it states this:
Security consious environments should set this to false to prevent
applications from interacting with the container's configuration. 
Can anyone explain what the exposure might be by leaving this to value
defaulted to true?  What type of damage a problem applications could
possibly do?
The doc's are very vague in this regard.

Thanks in advance



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: deployXML question.

Posted by Mark Thomas <ma...@apache.org>.

BATCHELOR, SCOTT (CONTRACTOR) wrote:
> Could anyone shed some litght on this question? Or possibly point me in
> the right direction for documentation.

Have a read of http://tomcat.apache.org/tomcat-5.5-doc/config/context.html

With deployXML=true you have control over privileged, crossContext for
starters.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org