users@glassfish.java.net

Re: TRACE/TRACK vulnerability

From: Jeanfrancois Arcand <Jeanfrancois.Arcand_at_Sun.COM>
Date: Tue, 25 Mar 2008 12:24:47 -0400

Hi,

Lund, Holly wrote:
> How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under

<http-service...>
....
     <property name="traceEnabled" value="false"/>
</http-service>

Thanks

-- Jeanfrancois

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>