https://bz.apache.org/bugzilla/show_bug.cgi?id=48674

--- Comment #9 from Christopher Schultz <ch...@christopherschultz.net> ---
This can be a dangerous feature, for a couple of reasons.

1. A bad configuration or vulnerability in the host-manager allows a remote
party to write to the filesystem, rather than just trash an in-memory
configuration
2. Important information in the file may be overwritten inadvertently
3. NOP configuration information in the file (e.g. comments) will likely be
lost when the file is saved

I had a look at the StoreConfig-based patch, and I must admit that I got lost
in the whole architecture at the point that I started reading code in the
o.a.c.storeconfig package. There is very little javadoc explaining what the
heck is going on. It looks quite over-engineered and has a lot of code that
looks very similar across classes.
