Author: markt
Date: Thu Nov 12 10:48:45 2015
New Revision: 1714012

URL: http://svn.apache.org/viewvc?rev=1714012&view=rev
Log:
Add info on CGI debug page

Modified: tomcat/trunk/webapps/docs/security-howto.xml Modified: tomcat/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1714012&r1=1714011&r2=1714012&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/security-howto.xml (original) +++ tomcat/trunk/webapps/docs/security-howto.xml Thu Nov 12 10:48:45 2015 @@ -469,6 +469,10 @@ script will still report the version number. </p> + <p>The CGI Servlet is disabled by default. If enabled, the debug + initialisation parameter should not be set to <code>10</code> or higher on a + production system because the debug page is not secure.</p> + <p><a href="config/filter.html">FailedRequestFilter</a> can be configured and used to reject requests that had errors during request parameter parsing. Without the filter the default behaviour is
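
Review bot: In the added paragraph, "the debug page is not secure" does not tell an administrator what the page exposes or why the threshold is <code>10</code>; state what the debug page discloses so the risk can be assessed, and say which setting is appropriate for production. The parameter name should also be marked up as <code>debug</code>, as its value already is, and a link to the CGI Servlet documentation would match the <a href="config/filter.html"> link in the paragraph that follows.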