http://issues.apache.org/bugzilla/show_bug.cgi?id=42795

Summary: GET used for unsafe operations
Product: Tomcat 5
Version: 5.5.23
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Webapps:Manager
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

The Tomcat manager app (usually found at http://hostname:8080/manager/html) uses HTTP GET and a links for unsafe operations such as restarting, redeploying, starting and stopping the server. For example,

http://hostname:8080/manager/html/stop?path=/host-manager

Protecting the links with JavaScript "are you sure" messages is an unreliable kludge. These links should be redesigned to use POST instead of GET.

I suspect I don't have to explain the importance of this to this group, but just in case:

http://www.w3.org/2001/tag/doc/whenToUseGet.html
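
Added example, not part of the original report or of Tomcat's code: a Python audit of an access log for the pattern the report describes, GET requests that trigger state-changing manager commands. The log lines are constructed, the combined log format is assumed, and the command names other than stop are assumed from the operations the report lists.

```python
import re
from urllib.parse import urlsplit, parse_qs

# "stop" appears in the report; the other names are assumed from the
# operations it lists (starting, restarting, redeploying).
UNSAFE_COMMANDS = {"start", "stop", "reload", "undeploy"}

# Assumed combined log format:
# host ident user [time] "METHOD target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def unsafe_get_requests(lines, origin="http://hostname:8080", prefix="/manager/html/"):
    """Return a finding for every GET that invoked a state-changing command."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.startswith(prefix):
            continue
        command = url.path[len(prefix):].strip("/")
        if command not in UNSAFE_COMMANDS:
            continue
        referer = m["referer"] or ""
        findings.append({
            "time": m["time"],
            "user": m["user"],
            "command": command,
            "app": parse_qs(url.query).get("path", ["?"])[0],
            "status": int(m["status"]),
            # False when the request was not started from the manager's own page
            "from_manager_page": referer.startswith(origin + prefix.rstrip("/")),
        })
    return findings

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2000:10:01:02 +0000] "GET /manager/html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - admin [01/Jan/2000:10:01:09 +0000] "GET /manager/html/stop?path=/host-manager HTTP/1.1" 200 5300 "http://hostname:8080/manager/html" "Mozilla/5.0"',
    '192.0.2.10 - admin [01/Jan/2000:10:04:41 +0000] "GET /manager/html/reload?path=/examples HTTP/1.1" 200 5300 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - admin [01/Jan/2000:10:05:00 +0000] "POST /manager/html/upload HTTP/1.1" 200 5300 "http://hostname:8080/manager/html" "Mozilla/5.0"',
]
```

unsafe_get_requests(SAMPLE_LOG) reports the stop and reload requests; the reload entry has from_manager_page set to False because its Referer is a different site.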