Thanks. Security audit day. Spent 3 hours making changes - waiting for results, when the tool ended up reporting a false-positive for DELETE. Now I know I could have done nothing. Great. I still don't have warm fuzzies about this.
I think they used IBM Rational App Scan, not sure though.

Leo

-----Original Message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Thursday, May 13, 2010 3:13 PM
To: Tomcat Users List
Subject: RE: Restrict http methods

> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: Restrict http methods
>
> What do most people use to restrict PUT and DELETE http methods?
>
> 2. Set the attribute "readonly" to true in the default servlet in
> web.xml

The readonly attribute defaults to true, so most people do ... nothing.

 - Chuck

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org