I can't think of anything more boring and tedious (bug fixing?) but I am willing to help. Maybe we should divide up the classes.
Cheers,
-bob

On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
> Hi,
>
> I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
> would like to collect as much information as possible about where you think
> I should look (code, security holes, etc.). I'm planning to do the audit using
> the default SecurityManager. Right now, I have started looking at:
>
> - doPrivilege blocks. Are they small enough? Can they be reduced?
> - JSP generated code. Is it secure? Can a malicious app use the code
>   to access o.a.catalina code?
> - Is catalina.policy restricted enough?
> - Is our Classloader secure?
>
> Any direction/ideas/recommendations will be appreciated.
>
> Thanks,
>
> -- Jeanfrancois
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

--
Bob Herrmann <[EMAIL PROTECTED]>