2016-03-07 17:52 GMT+01:00 Mark Thomas:
> On 05/03/2016 18:36, Mark Thomas wrote:
> > On 05/03/2016 17:08, Christopher Schultz wrote:
> >
> >>> First of all we could add the remote address valve and limit access to
> >>> localhost by default. That will limit some remote attacks but possibly
> >>>
On 05/03/2016 18:36, Mark Thomas wrote:
> On 05/03/2016 17:08, Christopher Schultz wrote:
>
>>> First of all we could add the remote address valve and limit access to
>>> localhost by default. That will limit some remote attacks but possibly
>>> not all depending on reverse proxy configurations
>>
On 05/03/2016 17:08, Christopher Schultz wrote:
>> First of all we could add the remote address valve and limit access to
>> localhost by default. That will limit some remote attacks but possibly
>> not all depending on reverse proxy configurations
>
> I was thinking about this as well. It would
Mark,
On 3/3/16 3:35 PM, Mark Thomas wrote:
> On 03/03/2016 15:36, Christopher Schultz wrote:
>> Dylan,
>>
>> This might be a better discussion for the users' list, but I'll keep it
>> on dev for the time being.
>>
>> On 2/28/16 2:28 PM, Dylan Ayrey wrote:
>>> I'm a security analyst at a company n
On 3/03/2016 16:36, Christopher Schultz wrote:
> 2. Many people use OS-package-managed versions of Tomcat, and we have no
> control over what goes on, there. Whatever we may do may be undone by
> the package manager(s).
FWIW I'm in a position to change the packaging of Tomcat in Debian (and
in
On 03/03/2016 15:36, Christopher Schultz wrote:
> Dylan,
>
> This might be a better discussion for the users' list, but I'll keep it
> on dev for the time being.
>
> On 2/28/16 2:28 PM, Dylan Ayrey wrote:
>> I'm a security analyst at a company named Praetorian. When doing internal
>> network pent
Dylan,
This might be a better discussion for the users' list, but I'll keep it
on dev for the time being.
On 2/28/16 2:28 PM, Dylan Ayrey wrote:
> I'm a security analyst at a company named Praetorian. When doing internal
> network pentesting it is extremely common to find Tomcat instances with
>