Thank you for your help!. I searched for httpd trace instead of http trace and didn't find anything. Now I think I understand the problem. For tomcat 4.x I see that the suggested solution is to add security constraint in to all our application web.xml - is that correct?
Thanks Ganesh -----Original Message----- From: Denis Haskin [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 11:06 AM To: Tomcat Users List Subject: [BULK] - Re: httpd trace and tomcat A google search on "tomcat http trace" came up with a slew of pages about this... Did you try that? dwh Sankaranarayanan (Ganesh) Ganapathy wrote: >Hi All, > >It was brought to my attention that tomcat by default runs httpd trace >and that it is a potential security hole. I don't understand what httpd >trace is - can somebody explain? > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
