On 4/5/07, Bryan Pendleton <[EMAIL PROTECTED]> wrote:
Myrna van Lunteren wrote: > I don't think > there's much of any warning in or near the servlet re security issues.This is an excellent point. I think it would be good to add text such as the following in two places: 1) As XML comments in the web.xml file for the host init-param 2) In the NetServlet documentation in the manual. The text should be something like the following (taken from the Network Server page): Remember: Before using the -h option, you should run under the Java security manager and enable user authentication. By default, the Network Server will listen to requests only on the loopback address, which means that it will only accept connections from the local host. Do you think that would address the security concern? The default for the NetServlet is still "localhost", so it is the same as for the other out-of-the-box ways to run the Network Server. thanks, bryan
I think that would be fine. Myrna
