On 23/03/2020 11:34, André Warnier (tomcat/perl) wrote: <snip/>
> The *default* of this attribute is "false", when the "address" attribute > is explicitly set to "127.0.0.1" or "::1", or when it defaults to the > loopback address. > The *default* of this attribute is "true", when the "address" attribute > is set to any other IP address. > unquote <snip/> This proposal assumes that only trusted users have access to the loopback address. While this is true for the majority of Tomcat installations there are use cases where this is not the case. Granted those use cases (e.g. shared hosting) usually have better solutions (e.g. per user, isolated containers) where only trusted users have access but not everyone uses them. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org