re: Tomcat Security Exposure

[Adam Manock <abmanock () earthlink net>]

From the Tomcat-user list, anyone know any more?

> During development and deployment I discovered
> that many types of errors while reading the web.xml
> file would result in the app coming up (at least
> partly), but with no security.
>
> This seems like a serious security exposure in
> a production environment.
>
> I believe this is potentially a serious security
> exposure and suggest that tomcat should never
> allow access to the app if it has any problems
> reading the web.xml file or establishing any of
> the security environment.
>
> Frank Lawlor
> Athens Group, Inc.
> (512) 345-0600 x151
> Athens Group, an employee-owned consulting firm integrating technology
> strategy and software solutions.

Adam