Quoting Mark Castillo <[EMAIL PROTECTED]>: [snip] > > What I was really wanting to evaluate was how you guys are managing > "sessions" and how sessions information could possibly leak out via > the filesystem, memory, or other ways. The application we are running runs > in a hostile environment (remote offices, may or may not have firewall, etc). > For example, some webservers had an example servlet installed that when > invoked, you'd see a list of current session IDs. Very bad (session > hijacking). Yes, the underlying methods in the Servlet API that allowed you to even write a servlet that could do that ... that never really sat well with me. Fortunately, alot of the methods which allowed for that kind of nonsense have been deprecated in the new 2.3 spec. In fact, I think the most heinous one was already deprecated, and has now been removed altogether (I can't remember the exact one ... one of the getSessions signatures, maybe?). - Christopher
- CGI wrapper in Tomcat 4.0 b7 Pier P. Fumagalli
- Re: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- RE: CGI wrapper in Tomcat 4.0 b7 Deacon Marcus
- Re: CGI wrapper in Tomcat 4.0 b7 Pier P. Fumagalli
- Re: CGI wrapper in Tomcat 4.0 b7 Mark Castillo
- Re: CGI wrapper in Tomcat 4.0 b7 Craig R. McClanahan
- Re: CGI wrapper in Tomcat 4.0 b7 Pier P. Fumagalli
- RE: CGI wrapper in Tomcat 4.0 b7 Craig R. McClanahan
- Re: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- Re: CGI wrapper in Tomcat 4.0 b7 Mark Castillo
- RE: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- RE: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- RE: CGI wrapper in Tomcat 4.0 b7 Craig R. McClanahan
- RE: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- Re: CGI wrapper in Tomcat 4.0 b7 Mark Castillo
- Re: CGI wrapper in Tomcat 4.0 b7 Pier P. Fumagalli
- RE: CGI wrapper in Tomcat 4.0 b7 Deacon Marcus
- Re: CGI wrapper in Tomcat 4.0 b7 Jan Labanowski
- Re: CGI wrapper in Tomcat 4.0 b7 Mark Castillo
- Re: CGI wrapper in Tomcat 4.0 b7 Christopher Cain
- Re: CGI wrapper in Tomcat 4.0 b7 Christopher Cain