On 10/06/2014 22:59, Christopher Schultz wrote: > Aah, okay. I didn't realize that .htaccess files were okay to use. > They seem like a huge security hole ;)
Infra limits what you can do in a .htaccess file and - by default - we trust committers. That said, infra won't hesitate to lock an account of a user that does something malicious (or just plain stupid). The chances of a committer regaining access to a locked account are higher if they have just been stupid but it is still by no means guaranteed. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
