Posted to users@tomcat.apache.org by Carsten Burstedde <c...@burstedde.de> on 2002/03/27 21:21:20 UTC

Re: RE: Who use Tomcat as a stand-alone server in production environment ?

>no, I don't use a security manager. My machine is secure, so I am not
>concerned about rogue servlets somehow making their way to my system. I
>would be more concerned about it if we had more developers, used third
>party software (non-open source), etc.

Imho, the Security manager is one of the easier things to configure (TC 3.3), and its use helps to clarify things and find bugs earlier.

Carsten



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>


Re: RE: Who use Tomcat as a stand-alone server in production environment ?

Posted by Kim Altintop <ki...@deepfx.com>.
Hi Charlie,

>> no, I don't use a security manager. My machine is secure, so I am not
>> concerned about rogue servlets somehow making their way to my system. I
>> would be more concerned about it if we had more developers, used third
>> party software (non-open source), etc.

Hum, that's an interesting statement... I once read the following
somewhere: "If you don't know how to break it, that doesn't mean it's
secure". However, I also tend to trust my own software. But how do you
explain that to your customers? Using the exact words you used above, I
guess ;-)


Hi Carsten,

> Imho, the Security manager is one of the easier things to configure (TC
> 3.3), and its use helps to clarify things and find bugs earlier.
 
That's right - but 3.3 is not my problem: I'm running 4.0.3 (and I have to
- large parts of the code depend on the servlet 2.3/ jsp 1.2 spec). Do you
have any experience with it? 

Regards,
Kim
