security-model.xml

markt Thu, 26 Jun 2025 01:14:45 -0700

Author: markt
Date: Thu Jun 26 08:14:40 2025
New Revision: 1926734

URL: http://svn.apache.org/viewvc?rev=1926734&view=rev
Log:
Make explicit reference to reverse proxies in security model


Modified:
    tomcat/site/trunk/docs/security-model.html
    tomcat/site/trunk/xdocs/security-model.xml

Modified: tomcat/site/trunk/docs/security-model.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1926734&r1=1926733&r2=1926734&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-model.html (original)
+++ tomcat/site/trunk/docs/security-model.html Thu Jun 26 08:14:40 2025
@@ -65,10 +65,11 @@
             (<code>RemoteIpFilter</code>) or any similar functionality.</li>
       </ul>
 
-      <p>Clients are responsible for the consequences of the data they present
-         to Tomcat. If a client presents a malformed request that Tomcat
-         processes as per the specification for configured protocol, then any
-         security impact to the client is the client's responsibility.</p>
+      <p>All clients (including reverse proxies) are responsible for the
+         consequences of the data they present to Tomcat. If a client presents 
a
+         (potentially malformed) request that Tomcat processes as per the
+         specification for the configured protocol, then any security impact to
+         the client is the client's responsibility.</p>
 
     </div></div>
 

Modified: tomcat/site/trunk/xdocs/security-model.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1926734&r1=1926733&r2=1926734&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-model.xml (original)
+++ tomcat/site/trunk/xdocs/security-model.xml Thu Jun 26 08:14:40 2025
@@ -73,10 +73,11 @@
             (<code>RemoteIpFilter</code>) or any similar functionality.</li>
       </ul>
 
-      <p>Clients are responsible for the consequences of the data they present
-         to Tomcat. If a client presents a malformed request that Tomcat
-         processes as per the specification for configured protocol, then any
-         security impact to the client is the client's responsibility.</p>
+      <p>All clients (including reverse proxies) are responsible for the
+         consequences of the data they present to Tomcat. If a client presents 
a
+         (potentially malformed) request that Tomcat processes as per the
+         specification for the configured protocol, then any security impact to
+         the client is the client's responsibility.</p>
 
     </subsection>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1926734 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml

Reply via email to