I guess it depends upon how the Ready2Run is used. Personally I use it to just download, unzip, and run. No setup required. Since I wouldn't use it for anything remotely production I don't think that it would be a problem.
The security issue I believe is because of the character aliasing it allows too. From the documentation page:

/MySeCrEtFoLdEr/secret.html
/mysec~a0.dir/secret.html
/mySecretFolder/secret.html%00

Are all the same if the aliasing is turned on. So I probably wouldn't use it anywhere that people can run penetration tests, but for quick testing and local development I think it's a good thing. Then I can just alias the same directory into Railo, openBD, CF8, and CF9 potentially and test the same code against all of them.

$0.02

Randy

On Sep 3, 8:25 pm, Alan Holden <[email protected]> wrote:
> Codehaus.org also says here that it is a security risk to disable
> 'checkAliases' by default.
>
> http://docs.codehaus.org/display/JETTY/SystemProperties
>
> I don't run Jetty myself, just ran across this via Google. I would hope
> that more Googlin' would turn up why, cause I dunno.
>
> Alan K. Holden

Open BlueDragon Public Mailing List
http://groups.google.com/group/openbd?hl=en
official site @ http://www.openbluedragon.org/
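Why the three aliased paths in the message above matter for a security constraint, as an added example that is not part of the original thread and is not Jetty's code. It is a small model: the case-insensitive lookup, the short-name table, the exact-match constraint and the `serve` function are all assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed model (assumption): one stored file, one 8.3-style short name
# taken from the post, and a constraint matched on the exact request string.
REAL_FILES = {"/mySecretFolder/secret.html"}
SHORT_NAMES = {"mysec~a0.dir": "mySecretFolder"}
PROTECTED = {"/mySecretFolder/secret.html"}

def canonicalize(path):
    """Return the stored path this modelled filesystem would open, or None."""
    path = path.split("\x00", 1)[0]          # native file APIs stop at NUL
    segs = [SHORT_NAMES.get(s.lower(), s)    # short name -> long name
            for s in posixpath.normpath(path).split("/")]
    candidate = "/".join(segs)
    for real in REAL_FILES:                  # case-insensitive lookup
        if real.lower() == candidate.lower():
            return real
    return None

def serve(raw_url_path, check_aliases):
    """Return the HTTP status the modelled server would send."""
    path = unquote(raw_url_path)             # %00 becomes a NUL character
    real = canonicalize(path)
    if real is None:
        return 404
    if check_aliases and real != path:       # requested name is an alias
        return 404
    if path in PROTECTED:                    # constraint sees the raw string
        return 401
    return 200

# The three paths quoted in the post, plus the canonical spelling.
REQUESTS = [
    "/mySecretFolder/secret.html",
    "/MySeCrEtFoLdEr/secret.html",
    "/mysec~a0.dir/secret.html",
    "/mySecretFolder/secret.html%00",
]

if __name__ == "__main__":
    for p in REQUESTS:
        print(f"{p:34} off={serve(p, False)} on={serve(p, True)}")
```

With the alias check off, every aliased spelling reaches the file without matching the constraint; with it on, only the canonical spelling is resolved and the constraint then applies.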
