On Thu, Jun 6, 2024 at 4:46 PM Christopher Schultz
wrote:
>
> All,
>
> I'd like to remove the around the SecureLifecycleListener
> in conf/server.xml that we bundle with Tomcat distributions.
>
> Before I do so, are there any objections to making this change?
+1
Having something commented out in
On Fri, Jun 7, 2024 at 10:33 AM Tim Funk wrote:
> Somewhat related and tangential to the other conversations
>
> Is it worth introducing a system property like
> "-Dtomcat.security.harden=true". (Personally not sold yet on the idea)
>
I think I'm +0 on this. Implementing something like this
Somewhat related and tangential to the other conversations
Is it worth introducing a system property like
"-Dtomcat.security.harden=true". (Personally not sold yet on the idea)
Then when set to true ...
- It can go nuts with additional SecureLifecycleListener checks
- It can disable all OOTB
Coty,
On 6/6/24 11:34, Coty Sutherland wrote:
On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
All,
I'd like to remove the around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.
Before I do so, are there any
Konstantin,
On 6/6/24 12:01, Konstantin Kolinko wrote:
чт, 6 июн. 2024 г. в 17:46, Christopher Schultz :
All,
I'd like to remove the around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.
Before I do so, are there any objections to making this change
чт, 6 июн. 2024 г. в 17:46, Christopher Schultz :
>
> All,
>
> I'd like to remove the around the SecureLifecycleListener
> in conf/server.xml that we bundle with Tomcat distributions.
>
> Before I do so, are there any objections to making this change?
Its name is "SecurityListener",
org.apache.ca
On Thu, Jun 6, 2024 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> All,
>
> I'd like to remove the around the SecureLifecycleListener
> in conf/server.xml that we bundle with Tomcat distributions.
>
> Before I do so, are there any objections to making this change?
>
No
All,
I'd like to remove the around the SecureLifecycleListener
in conf/server.xml that we bundle with Tomcat distributions.
Before I do so, are there any objections to making this change?
Thanks,
-chris
-
To unsubscribe, e-
