On 25/11/2013 12:07, Konstantin Kolinko wrote:
> 2013/11/25 Mark Thomas <ma...@apache.org>:
>> On 25/11/2013 11:29, Konstantin Kolinko wrote:
>>> 2013/11/25  <ma...@apache.org>:
>>>> Author: markt
>>>> Date: Mon Nov 25 10:26:26 2013
>>>> New Revision: 1545213
>>>>
>>>> URL: http://svn.apache.org/r1545213
>>>> Log:
>>>> When running under a security manager disabled deployXML by default.
>>>>
>>>
>>> +1.
>>>
>>> Note that the manager application in its default configuration will
>>> stop working.
>>>
>>> There was a thread in October,
>>> "can't connect to manager application"
>>> http://markmail.org/thread/ob3kjbnvu2usljmz
>>>
>>> I thought to add this effect to the description of "deployXML"
>>> attribute, but have not got there yet.
>>>
>>> Similarly, if someone has important bits in their META-INF/context.xml
>>> such as RemoteAddrValve and AccessLogValve, those will be ignored with
>>> this change. If those were not critical to one's web application and
>>> it starts successfully, it will lower their security,
>>
>> Ah. That isn't good. I think it will be safer to introduce this change
>> only in 8.0.x. It can be documented in the migration guide. That sort of
>> change in a point release is going to catch people out.
>>
> 
> A thought:
> A possible enhancement to the behaviour of "deployXML=false":
> 
> Do not start applications that have their own META-INF/context.xml,
> unless there is an explicit configuration for them in conf/*.
> 
> This takes care of occasionally ignoring a RemoteAddrValve and similar
> (such as the RemoteAddrValve that we may enable by default in the
> Manager webapp).

That would work. I'll take a look.

Mark
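
An added example, not part of the original thread and not Tomcat's own code: an audit for the case raised above, listing web applications that carry their own META-INF/context.xml but have no explicit descriptor under conf/, so their valves would be silently dropped when deployXML is false. The function names and the sample layout are constructed for illustration, and the descriptor directory is assumed to be the default conf/Catalina/localhost.

```python
import os
import tempfile
import zipfile

EMBEDDED = "META-INF/context.xml"
CTX = ('<Context><Valve className="org.apache.catalina.valves.RemoteAddrValve"'
       ' allow="127\\.0\\.0\\.1"/></Context>')  # constructed sample descriptor

def has_embedded_descriptor(path):
    """True if an exploded directory or a WAR carries META-INF/context.xml."""
    if os.path.isdir(path):
        return os.path.isfile(os.path.join(path, "META-INF", "context.xml"))
    if path.lower().endswith(".war") and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as war:
            return EMBEDDED in war.namelist()
    return False

def apps_with_ignored_descriptor(app_base, host_conf_dir):
    """Names of apps whose embedded descriptor has no explicit
    <name>.xml in host_conf_dir (assumed conf/Catalina/localhost)."""
    flagged = set()
    for entry in os.listdir(app_base):
        path = os.path.join(app_base, entry)
        if not has_embedded_descriptor(path):
            continue
        name = entry if os.path.isdir(path) else entry[:-4]
        if not os.path.isfile(os.path.join(host_conf_dir, name + ".xml")):
            flagged.add(name)  # set: foo/ and foo.war count once
    return sorted(flagged)

def build_sample(root):
    """Constructed layout: two apps lose their descriptor, two do not."""
    app_base = os.path.join(root, "webapps")
    conf = os.path.join(root, "conf", "Catalina", "localhost")
    os.makedirs(conf)
    os.makedirs(os.path.join(app_base, "docs", "META-INF"))     # no context.xml
    os.makedirs(os.path.join(app_base, "manager", "META-INF"))  # embedded only
    with open(os.path.join(app_base, "manager", EMBEDDED), "w") as f:
        f.write(CTX)
    for war_name in ("shop.war", "intranet.war"):               # both embed one
        with zipfile.ZipFile(os.path.join(app_base, war_name), "w") as war:
            war.writestr(EMBEDDED, CTX)
    with open(os.path.join(conf, "intranet.xml"), "w") as f:    # explicit config
        f.write(CTX)
    return app_base, conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(apps_with_ignored_descriptor(*build_sample(root)))
```

Pointing `apps_with_ignored_descriptor` at a real appBase and host descriptor directory before disabling deployXML shows which applications need their context moved into conf/ first.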

