During development and deployment I discovered that many types of errors while reading the web.xml file would result in the app coming up (at least partly), but with no security.
This seems like a serious security exposure in a production environment. I believe this is potentially a serious security exposure and suggest that tomcat should never allow access to the app if it has any problems reading the web.xml file or establishing any of the security environment. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
