On 16 Dec 2002, Felipe Schnack wrote:

> Date: 16 Dec 2002 15:43:09 -0200
> From: Felipe Schnack <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: Re: ContainerServlet interface
>
>   The security holes it opens are related to what programmers can do or
> related to end users of the application? Can you give me examples?
>   You kinda worried me now :-)

Setting privileged=true lets your webapp call any method on any internal
Catalina object.  Among other things, that lets you affect *other*
webapps.  After all, the Manager servlet uses this facility to deploy and
undeploy them, and the Admin webapp uses this facility to configure the
server.

Craig
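
The following is an added example, not part of the original message and not Tomcat's own code: a small audit that parses a Tomcat configuration and lists every `<Context>` declared with `privileged="true"`, so that webapps other than the Manager and Admin applications mentioned above can be reviewed. The allowlisted paths `/manager` and `/admin` and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: context paths expected to be privileged (the Manager and Admin
# webapps named in the message). Adjust to match your deployment.
EXPECTED_PRIVILEGED = {"/manager", "/admin"}


def privileged_contexts(xml_text):
    """Return (path, docBase) for every <Context> with privileged="true"."""
    root = ET.fromstring(xml_text)
    found = []
    # root.iter() includes the root element itself, so this handles both a
    # full server.xml and a stand-alone descriptor whose root is <Context>.
    for ctx in root.iter("Context"):
        # Compare case-insensitively to be conservative about how the value
        # was typed in the file.
        if ctx.get("privileged", "false").strip().lower() == "true":
            found.append((ctx.get("path", ""), ctx.get("docBase", "")))
    return found


def unexpected_privileged(xml_text, allowed=EXPECTED_PRIVILEGED):
    """Privileged contexts whose path is not on the allowlist."""
    return [c for c in privileged_contexts(xml_text) if c[0] not in allowed]


# Constructed sample configuration (not taken from a real server).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Tomcat-Standalone">
    <Engine name="Standalone" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="/manager" docBase="manager" privileged="true"/>
        <Context path="/shop" docBase="shop" privileged="true"/>
        <Context path="/blog" docBase="blog"/>
        <Context path="/wiki" docBase="wiki" privileged="false"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    for path, doc_base in unexpected_privileged(SAMPLE_SERVER_XML):
        print(f"privileged context outside allowlist: "
              f"path={path!r} docBase={doc_base!r}")
```

Any context this reports can reach the container's internals in the way the message describes, so each one should either be justified or have the attribute removed.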

