You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/02/27 09:42:56 UTC
[tomcat] branch 8.5.x updated: Document secret / secretRequired
more explicitly
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 86cb408 Document secret / secretRequired more explicitly
86cb408 is described below
commit 86cb408dee19400a92b73877e31d43dd581ef39d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Feb 27 09:41:11 2020 +0000
Document secret / secretRequired more explicitly
---
webapps/docs/config/ajp.xml | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/webapps/docs/config/ajp.xml b/webapps/docs/config/ajp.xml
index 707b3eb..4cdb371 100644
--- a/webapps/docs/config/ajp.xml
+++ b/webapps/docs/config/ajp.xml
@@ -477,15 +477,21 @@
The default value is <code>null</code>. This attribute must be specified
with a non-null, non-zero length value unless
<strong>secretRequired</strong> is explicitly configured to be
- <code>false</code>.</p>
+ <code>false</code>. If this attribute is configured with a non-null,
+ non-zero length value then the workers <strong>must</strong> provide a
+ matching value else the request will be rejected irrespective of the
+ setting of <strong>secretRequired</strong>.</p>
</attribute>
<attribute name="secretRequired" required="false">
<p>If this attribute is <code>true</code>, the AJP Connector will only
start if the <strong>secret</strong> attribute is configured with a
- non-null, non-zero length value. The default value is <code>true</code>.
- This attribute should only be set to <code>false</code> when the
- Connector is used on a trusted network.</p>
+ non-null, non-zero length value. This attribute only controls whether
+ the <strong>secret</strong> attribute is required to be specified for the
+ AJP Connector to start. It <strong>does not</strong> control whether
+ workers are required to provide the secret. The default value is
+ <code>true</code>. This attribute should only be set to <code>false</code>
+ when the Connector is used on a trusted network.</p>
</attribute>
<attribute name="tcpNoDelay" required="false">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org