What are the security problems and why doesn't Apache or other major web servers have this problem (or do they)?
If this is made optional (with the default turned off) is the problem with it breaking an app ... really a problem? -----Original Message----- From: Remy Maucherat [mailto:[EMAIL PROTECTED]] Sent: Monday, February 17, 2003 1:58 AM To: Tomcat Developers List Subject: Re: Request to Fix Tomcat Standalone 302 redirect Issue Bill Barker wrote: > ----- Original Message ----- > From: "neal" <[EMAIL PROTECTED]> > To: "Tomcat Developers List" <[EMAIL PROTECTED]> > Sent: Sunday, February 16, 2003 8:00 PM > Subject: RE: Request to Fix Tomcat Standalone 302 redirect Issue > > > >>So it *will* be in tomcat 5? >> >>My head is spinning...so confusing. >> >>How does one access o.a.t.u.http.mapper.Mapper? Is this something that > > will > >>be configurable via web.xml? >> > > > It will be in configurable in 'server.xml' (or, at least it will be when I > do my next commit :). Good, the code looks like as if I had written it myself :) However, it poses the usual security problems, and breaks the admin webapp. Remy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
