-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Alan,
On 8/3/20 21:25, Alan Basche wrote: > I have recently developed code for Tomcat 8.5 that defends against > black-hats probing Tomcat and the website apps for > vulnerabilities. This coding effort started a year ago, and the > latest code has been running successfully on Tomcat 8.5.49 (Linux > server) for about 3 months. I feel that Tomcat is less vulnerable > now and I would be rather uncomfortable running a production system > without this new feature. > > I am happy to provide design details and donate this code to > Apache, but I am unsure of your process to introduce new Tomcat > features for review by your dev team, and to submit code. > > Let me know if you have questions. What kind of protections does this module provide? How does it integrate into Tomcat (e.g. custom Filter/Valve/ServletContextListener, patches to arbitrary places in Tomcat internals, etc.)? Are you willing to post your code somewhere like GitHub where everyone can see it? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8paG4ACgkQHPApP6U8 pFjbHg/8CJU3YQqQhu9TdPkSyS1CtRy6dgN0wf24NbU0mB39732lSk63Nssvm76e TWSzZ3cArjNseMrv8pxPsj44q5LCKZC065PpJnz5FEG0wJo7jVH+oQ4UcfBTqyuF woTjbMmX7b8IQIY/z5vgHXlgXlbVx8gZzNyRh0SgUZPNrZyViGgTKLMz4Wo+1PO+ xhBIEsAMyF55mei8qXYTatoW6vZ8oXofzh54Z41sAiA1zhziPBgim6E8UUaH8F8p kL9fcI3n421tsaE9ALLMrWQLAxUgwdbcLrL23JWRXOMT9pk7htkdEpQ+NF7UByr+ yL6omz3+LfUngFpAAIYX1A2DRQ9vtlFkM3VklGahemAM3BXzsiAEwbMYCycAhJEt iuoBu93F1q00iStYE6OcesRLIcmVplQMEGfgF8ibg9NGJQZLeTGXKfN2ksGAkr9x uk4uco9+NDKq19eQGitFnzx+l1Dvh9NlSDcoJsbw8mDKhPM1S+u3vQ5jVIgTw9s0 W5U8qWxFFcH3yWa805f3Skptps7mQg12YpDBsTEErwip+cIGhwG4Yna1AFtXhVU3 QHdz9hEsu1efNVWmjKvTsjAXnPNfn5F3rXjiyEbEzws1k0Z4D8MlrFWyk4ykfJWj e4/oPtQE/QD2jgq488WDRhMRimV2iB4u26SdfW7dyQvXVHNQI8I= =AiQz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
