From the Tomcat-user list, anyone know any more? >During development and deployment I discovered >that many types of errors while reading the web.xml >file would result in the app coming up (at least >partly), but with no security. > >This seems like a serious security exposure in >a production environment. > >I believe this is potentially a serious security >exposure and suggest that tomcat should never >allow access to the app if it has any problems >reading the web.xml file or establishing any of >the security environment. > >Frank Lawlor >Athens Group, Inc. >(512) 345-0600 x151 >Athens Group, an employee-owned consulting firm integrating technology >strategy and software solutions. Adam
