Hi;

I am trying to get Bugzilla to work with Tomcat and have run into a
problem. The latest stable release of Bugzilla (2.16) has implemented
"taint checking" in all of the CGI perl scripts as a security feature.
When I attempt to access Bugzilla via Tomcat, I get a message in the log
file from the CGI servlet that its too late to turn on the "-T" option.

The problem as I understand it, is that the perl executable must be
started up with taint checking enabled if the scripts are going to
invoke it. Is there any way I can set an option in Tomcat to have the
CGI servlet properly handle this aspect of perl? Does it matter whether
I run Tomcat 4.1 or 5.0 ?

Thanks

 Larry Levin



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)