Mladen Turk wrote:
jean-frederic clere wrote:
Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
If the examples are broken, then we have serious problems,
either with
jean-frederic clere wrote:
> Hi,
>
> The examples (servlet and JSP) have caused a list of security issues.
> I think we should remove them from the Tomcat binary packages (6.0 and
> 5.x at least).
> Any comments?
+0.
If they are removed I would suggest replacing them with a page that
points to t
ssage-
From: Ian Darwin [mailto:[EMAIL PROTECTED]
Sent: Monday, July 09, 2007 11:40 AM
To: Tomcat Developers List
Subject: Re: Removing the examples (JSP/servlet) in TC Binaries
Leech, Jonathan wrote:
> My 2 cents:
> - Don't install the examples by default.
> - Implement them in strai
Leech, Jonathan wrote:
My 2 cents:
- Don't install the examples by default.
- Implement them in straight .jsp / servlets etc w/o using frameworks.
- Encourage each framework to implement the same examples using their
framework.
Fair enough. How about installing by default a very simple exampl
jean-frederic clere wrote:
Hi,
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
If the examples are broken, then we have serious problems,
either with examples or with th
July 09, 2007 11:13 AM
To: Tomcat Developers List
Subject: Re: Removing the examples (JSP/servlet) in TC Binaries
William L. Thomson Jr. wrote:
> Just FYI, on Gentoo we do not install or provide the examples by
> default. One must set the examples USE flag for examples to be
> install
William L. Thomson Jr. wrote:
Just FYI, on Gentoo we do not install or provide the examples by
default. One must set the examples USE flag for examples to be
installed. Because of such they were kinda moot issues for the recent
security issues for us on Gentoo.
Same thing on OpenBSD; there's a
It's nice if *someone* provides good reference examples; consider the mess
in PHP development-by-example that's left the web in a half-usable state.
Good reference examples? Do you want to encourage people to code
getRequestDispatcher.forward() by hand? Or do you want them using one of
the "
Just FYI, on Gentoo we do not install or provide the examples by
default. One must set the examples USE flag for examples to be
installed. Because of such they were kinda moot issues for the recent
security issues for us on Gentoo.
Most running TC in production, or are actually using it for webapp
Rainer Jung wrote:
> I'm not sure. They provide an easy entry point for people using Tomcat
> because it is so simple to just use them. There are a couple of choices:
>
> - leave the examples in the download and take their security serious.
> This is what we do now.
good choice...
> - leave the
Hey,
On 7/9/07, jean-frederic clere <[EMAIL PROTECTED]> wrote:
The examples (servlet and JSP) have caused a list of security issues.
I think we should remove them from the Tomcat binary packages (6.0 and
5.x at least).
Any comments?
I'd like to leave them in, as they're amazingly useful, espec
I'm not sure. They provide an easy entry point for people using Tomcat
because it is so simple to just use them. There are a couple of choices:
- leave the examples in the download and take their security serious.
This is what we do now.
- leave the examples in the download, but don't bother
12 matches
Mail list logo
