Thanks, Tim. Makes a lot of sense now.
Paul

On Sunday 01 December 2002 03:01 pm, Tim Funk wrote:
> It's a security hole. Look at the archives for a more in-depth explanation.
>
> Personally, I hate the invoker servlet because
> - it exposes the class name being used. Much harder to refactor your
> system.
> - Doesn't require explicit definition of servlets. This makes
> maintenance very hard because there is no roadmap of servlet
> definitions. web.xml is nice for this.
> - The absence of explicit declaration allows forgetful lazy programmers
> to keep old servlets around allowing for security leaks.
> - Doesn't require explicit definition of servlets. It's worth saying a
> second time because I hate it that much.
>
> -Tim
>
> Paul Yunusov wrote:
> > On Sunday 01 December 2002 01:55 pm, anywhere-info wrote:
> >>Could it be that you didn't un-comment the invoker servlet in the web.xml of your
> >>Tomcat?
> >>
> >>Paul Yunusov wrote:
> >>>Hello,
> >>>
> >>>I was wondering what, in general, can cause a servlet to be
> >>> "unavailable" as reported by a StandardWrapperValve of Tomcat 4.1.12.
> >>>Thanks,
> >>>Paul
> >>>
> >
> > Thanks for the comment. Are you referring to this entry in web.xml?
> >
> > <servlet-mapping>
> >     <servlet-name>invoker</servlet-name>
> >     <url-pattern>/servlet/*</url-pattern>
> > </servlet-mapping>
> >
> > Individual mapping of the "/servlet/*" pattern to the invoker servlet for
> > every application seems to have been the default behavior in 4.0.x. Can
> > anyone explain, please, why it's changed to optional now?
> > Paul
> >


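Tim's points in the thread above, as an added example that is not part of the original messages: a Python check that reads a web.xml, flags any mapping to the invoker servlet, and returns the explicit URL-to-class roadmap that per-servlet declarations give you. The sample descriptor, the `com.example.OrderServlet` class and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Class name of Tomcat's invoker servlet; the servlet name "invoker" is the one quoted in the thread.
INVOKER_CLASS = "org.apache.catalina.servlets.InvokerServlet"

# Constructed sample: one explicitly declared servlet plus the mapping from the thread.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>orders</servlet-name>
    <servlet-class>com.example.OrderServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>orders</servlet-name>
    <url-pattern>/orders</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
</web-app>"""

def _local(tag):
    """Drop an XML namespace prefix so old and new descriptor formats both match."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def audit_web_xml(xml_text):
    """Return invoker mappings (to review or remove) and the explicit route map."""
    root = ET.fromstring(xml_text)
    classes = {_text(s, "servlet-name"): _text(s, "servlet-class")
               for s in _children(root, "servlet")}
    invoker, routes = [], {}
    for m in _children(root, "servlet-mapping"):
        name, pattern = _text(m, "servlet-name"), _text(m, "url-pattern")
        if name == "invoker" or classes.get(name) == INVOKER_CLASS:
            invoker.append((name, pattern))  # class names become reachable by URL
        else:
            routes[pattern] = classes.get(name, "<not declared in this file>")
    return {"invoker_mappings": invoker, "routes": routes}

if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```
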