Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml

2024-08-27 Thread Christopher Schultz
Mark, On 8/27/24 11:59, Mark Thomas wrote: On 26/08/2024 15:18, Christopher Schultz wrote: +  Data received by an AJP connector is trusted. Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the

Re: Cookie parsing and upcoming updates to RFC6265

2024-08-27 Thread Christopher Schultz
Mark, On 8/27/24 11:31, Mark Thomas wrote: On 26/08/2024 15:14, Christopher Schultz wrote: All, On 8/16/24 11:25, Mark Thomas wrote: On 16/08/2024 13:40, Tim Funk wrote: How about  missingEqualsCookie="allow | ignore"? The proposed options were: - ignore - name - value By using [allow |

Re: [QUESTION] Purchase UML tool using Google security funding

2024-08-27 Thread Mark Thomas
On 26/08/2024 15:41, Christopher Schultz wrote: Personally, I am leaning towards spending the $99 so we can remove the watermark from the Tomcat docs. 1. $99 is nothing, even if it ends up being tied to a single person. I've been thinking about this some more and I'd prefer the floating l

Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml

2024-08-27 Thread Mark Thomas
On 26/08/2024 15:18, Christopher Schultz wrote: +  Data received by an AJP connector is trusted. Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the request entity for example is not. Thanks.

svn commit: r1920229 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml

2024-08-27 Thread markt
Author: markt Date: Tue Aug 27 15:59:06 2024 New Revision: 1920229 URL: http://svn.apache.org/viewvc?rev=1920229&view=rev Log: Update after review from schultz - only small parts of AJP is trusted Modified: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/xdocs/security-model.

Re: Cookie parsing and upcoming updates to RFC6265

2024-08-27 Thread Mark Thomas
On 26/08/2024 14:58, Christopher Schultz wrote: What good is a cookie with no name? I'm not sure. I know we had some users that wanted a cookie without a value (I guess it is some sort of boolean flag). That makes more sense to me than a cookie without a name. Is this one of those "optimiza

Re: Cookie parsing and upcoming updates to RFC6265

2024-08-27 Thread Mark Thomas
On 26/08/2024 15:09, Christopher Schultz wrote: Mark, On 8/16/24 04:32, Mark Thomas wrote: On 14/08/2024 19:12, Konstantin Kolinko wrote: I think that 1) We would better switch to "ignore" mode right now, in all supported versions. Based on past experience I am extremely hesitant to chan

Re: Cookie parsing and upcoming updates to RFC6265

2024-08-27 Thread Mark Thomas
On 26/08/2024 15:14, Christopher Schultz wrote: All, On 8/16/24 11:25, Mark Thomas wrote: On 16/08/2024 13:40, Tim Funk wrote: How about  missingEqualsCookie="allow | ignore"? The proposed options were: - ignore - name - value By using [allow | ignore] instead of yes/no, it opens the door
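The three behaviours debated in this thread (ignore, name, value) for a cookie-pair that arrives without an `=` are easiest to compare side by side in code. The following is an added example written for this page, not Tomcat's own cookie parser: the option name `missingEqualsCookie` and the mode names come from the messages above, while the function names (`parse_cookie_header`, `cookie_value`), the quote stripping and the sample Cookie header are assumptions made here for illustration.

```python
"""Added example (not Tomcat code): split an RFC 6265-style Cookie header and
show how a name-value-pair with no '=' is handled under each proposed mode of
the hypothetical missingEqualsCookie option discussed in the thread."""

from typing import List, Optional, Tuple

# Modes taken from the thread: ignore the pair, treat it as a name with an
# empty value, or treat it as a value with an empty name.
MODES = ("ignore", "name", "value")


def _unquote(value: str) -> str:
    # Strip one pair of surrounding double quotes; nothing else is decoded.
    # (Assumption: browsers may send a quoted cookie-value, so we accept it.)
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def parse_cookie_header(header: str, missing_equals: str = "ignore") -> List[Tuple[str, str]]:
    """Return (name, value) pairs in header order.

    Pairs are separated by ';'. A pair containing '=' is split on the first
    '='. A pair with no '=' is handled according to `missing_equals`.
    """
    if missing_equals not in MODES:
        raise ValueError(f"missing_equals must be one of {MODES}, got {missing_equals!r}")

    cookies: List[Tuple[str, str]] = []
    for raw in header.split(";"):
        token = raw.strip()
        if not token:
            continue  # empty segment, e.g. trailing ';'
        if "=" in token:
            name, _, value = token.partition("=")
            cookies.append((name.strip(), _unquote(value.strip())))
            continue
        # No '=' present: apply the configured policy.
        if missing_equals == "ignore":
            continue
        if missing_equals == "name":
            cookies.append((token, ""))   # bare token becomes the cookie name
        else:
            cookies.append(("", token))   # bare token becomes the cookie value
    return cookies


def cookie_value(cookies: List[Tuple[str, str]], name: str) -> Optional[str]:
    """First value for `name`, mirroring a 'first match wins' lookup."""
    for n, v in cookies:
        if n == name:
            return v
    return None


if __name__ == "__main__":
    # Constructed sample header: one pair has no '='.
    sample = 'theme=dark; flag; session="abc123"'
    for mode in MODES:
        print(mode, parse_cookie_header(sample, mode))
```

The lookup helper makes the practical difference visible: with a constructed header `JSESSIONID; JSESSIONID=abc`, the `name` mode yields a first entry named `JSESSIONID` with an empty value, so a first-match lookup returns `""` rather than `abc`, whereas `ignore` drops the bare token and the lookup returns `abc`. That ordering effect, not just the parsed list, is what an application relying on cookie names by position would notice when the default changes.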

Re: [PR] review my code [tomcat]

2024-08-27 Thread via GitHub
csutherl commented on PR #746: URL: https://github.com/apache/tomcat/pull/746#issuecomment-2312385197 I'm not sure what the goal of this was, or if it was an accident, but this isn't usable so closing. -- This is an automated message from the Apache Git Service. To respond to the message,

Re: [PR] review my code [tomcat]

2024-08-27 Thread via GitHub
csutherl closed pull request #746: review my code URL: https://github.com/apache/tomcat/pull/746 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-uns

[PR] review my code [tomcat]

2024-08-27 Thread via GitHub
sundarrajboobalan opened a new pull request, #746: URL: https://github.com/apache/tomcat/pull/746 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscrib