users@glassfish.java.net

RE: TRACE/TRACK vulnerability

From: Lund, Holly <holly.lund_at_hq.doe.gov>
Date: Wed, 26 Mar 2008 08:43:30 -0400

thanks


Holly Lund
301-903-1174
202-586-4431

-----Original Message-----
From: Jeanfrancois.Arcand_at_Sun.COM [mailto:Jeanfrancois.Arcand_at_Sun.COM]
Sent: Tuesday, March 25, 2008 12:25 PM
To: users_at_glassfish.dev.java.net
Subject: Re: TRACE/TRACK vulnerability

Hi,

Lund, Holly wrote:
> How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under

<http-service...>
....
     <property name="traceEnabled" value="false"/> </http-service>

Thanks

-- Jeanfrancois

>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.