Heya Trevor,

1. Have not yet looked into SecurityManager.
As I'm running XWiki on a dedicated server, I'm not really concerned about
Tomcat accessing files on the local file system.
Any connection to a host other than the one the applet was loaded from should be blocked
by the firewall.

2. Knowing the software in use is of help to an attacker; not having 'xwiki' in the
URL doesn't help since the login page will most likely tell what software is used
anyway.

3. Simply get a certificate and follow the SSL Configuration HOW-TO (for 5.5:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html).
I don't want anybody to be able to sniff passwords or content (from any of the
services I make available on the internet), so I always use SSL.

Actually, as I've secured my systems to the best of my knowledge, I'm more
concerned about the inside threat.

Mazzel,
Martijn.