Hi there, I have read the "Existing Risks and Problems" (Chapter 8 in the internal document of the TC-3.3) and spotted that there is a potentional security risk in using Tomcat as a platform for the Application Gateway to an enterprise business support system. One of very important subprojects I still need to solve is providing a secure environment and currently we are constructing a sort of "Checking Engine" that basically test every parameter against predescribed conditions and reject all invalid requests. Has anybody already thought about this or eventually produced some code/concept? I hope some of original contributors will also read this post. I have some development resources allocated to this task, but would prefer if we could join forces with other interested parties as this must be a very important issue. Drasko