Jean-Francois Arcand wrote:
It's not useless. Normal permissions are still turned on. It's only the package protection that is disabled. When disabled, Tomcat 5 is as unsecure as Tomcat 4 in term of sniffing/loading classes, but still secure in term of browsing the file system etc.
Possibly. But I don't know what you can do with access to the Tomcat internals, and hacking the container is a bad security problem IMO. I don't see how you could want half assed security. Oh wait, there's Window$, so I guess there are takers ;)
BTW, Tomcat 4 did package protection.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
