All,
Tomcat's SecurityLifecycleListener currently checks the current working
user's name, the umask and not much else at the moment.
I'd like to add "administrator" as another username to look for. (The
documentation says that "root" is the only current username checked.)
I would also like to add several items from the DISA STIG document found
here:
https://www.stigviewer.com/stig/apache_tomcat_application_sever_9/2021-12-27/
I haven't decided exactly which items to implement, but I will probably
do this as a PR with separate commits for each item.
Are there any objections to be starting this work?
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
