Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Pier P. Fumagalli
Dan Milstein <[EMAIL PROTECTED]> wrote: > > The spec for the Ajp2.1 (which was not, AFAIK, ever implemented) has an > excellent section discussing "Security Hazards". Anyone interested can > check that out at: > > http://java.apache.org/jserv/protocol/AJPv21.html Hehehe :) I was one of the co-

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Pier P. Fumagalli
Craig R. McClanahan <[EMAIL PROTECTED]> wrote: >> >> BARF, Craig :) :) :) Bind your serversocket to the 127.0.0.1 address only, >> and the trick is done... (if it doesn't work, it's a JVM/OS problem) > > That controls where the *destination* of the client connection can go, > but not the *origin

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Craig R. McClanahan
"Pier P. Fumagalli" wrote: > Craig R. McClanahan <[EMAIL PROTECTED]> wrote: > >> > >> Tomcat 4.0 will use port 8005 as its shutdown port, will this only accept > >> connections from localhost? > > > > Yes, in effect. The connection is accepted no matter where it comes from, but > > attempts to s

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util FileUtil.java

2001-03-04 Thread marcsaeg
marcsaeg 01/03/04 20:02:50 Modified: src/share/org/apache/tomcat/util Tag: tomcat_32 FileUtil.java Log: Removed trim() from patch() method to avoid security hole. This patch was applied to Tomcat 3.3 a couple months ago, but never got ported to the tomcat_32

Patch for JspInterceptor.java

2001-03-04 Thread Thomas Riemer
I've been trying to get jikes to work under tomcat - and finally tracked down the problem I was facing to this: in TC 3.3.1 M1 src/facade22/org/apache/tomcat/facade/JspInterceptor.java In the case where there is no context classpath, jikes will not work because of invalid class path. I've inclu

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Dan Milstein
In 3.x, the Ajp12 and Ajp13 Connectors currently accept connections from anywhere. People have proposed adding the ability to have an accept/deny list in the configs, but it hasn't been done (the Java code for this would be pretty easy, actually), and it would be backward compatible with the mod_

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Pier P. Fumagalli
Glenn Nielsen <[EMAIL PROTECTED]> wrote: > Ok, so if you want to restrict network access from remote Apache servers > using the mod_jserv, mod_jk, or mod_webapp connectors to Tomcat; you can't > do it with either Tomcat 3.2 or Tomcat 4.0, correct? > > Sure would be nice if network access allow/d

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Glenn Nielsen
Ok, so if you want to restrict network access from remote Apache servers using the mod_jserv, mod_jk, or mod_webapp connectors to Tomcat; you can't do it with either Tomcat 3.2 or Tomcat 4.0, correct? Sure would be nice if network access allow/deny for Connectors could be configured for those w

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/modules/config ApacheConfig.java

2001-03-04 Thread melaquias
melaquias 01/03/04 18:56:49 Modified: src/share/org/apache/tomcat/modules/config ApacheConfig.java Log: Put conditionals around LoadModule statements. Added several configuration attributes to the ApacheConfig tag. Revision Changes Path 1.7 +732 -293 jakarta-tomc

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Pier P. Fumagalli
Craig R. McClanahan <[EMAIL PROTECTED]> wrote: >> >> Tomcat 4.0 will use port 8005 as its shutdown port, will this only accept >> connections from localhost? > > Yes, in effect. The connection is accepted no matter where it comes from, but > attempts to shut down Tomcat are refused unless they

Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/io FileUtil.java

2001-03-04 Thread Yoshiyuki Karezaki
In article , [EMAIL PROTECTED] writes: |larryi 01/03/01 10:05:07 | | Modified:src/share/org/apache/tomcat/util/io FileUtil.java | Log: | Removed the "trim" in patch() method to avoid security hole. A file ending | in ".jsp%20" would not be considered a JSP page, but cou

Re: Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Craig R. McClanahan
Glenn Nielsen wrote: > I have a general question about restricting access from remote hosts > to common connectors used by Tomcat 3.x and Tomcat 4.0. > > Tomcat 3.x will use port 8007 for its Apache ajp12 connector, is there any way > to configure Tomcat 3.x so it will only accept connections on t

Restricting Access to Tomcat 3.x and Tomcat 4.0 Connectors

2001-03-04 Thread Glenn Nielsen
I have a general question about restricting access from remote hosts to common connectors used by Tomcat 3.x and Tomcat 4.0. Tomcat 3.x will use port 8007 for its Apache ajp12 connector, is there any way to configure Tomcat 3.x so it will only accept connections on that port from localhost or a si

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/startup Main.java

2001-03-04 Thread melaquias
melaquias 01/03/04 14:38:16 Modified: src/share/org/apache/tomcat/startup Main.java Log: Changed name of configuration property "org.apache.tomcat.shared.classpath" to "org.apache.tomcat.apps.classpath" to be consistent with the new TOMCAT_HOME/lib/ directory structure. Updated ja

RE: [PATCH][tc3.3]Re: Proposed ApacheConfig.java change

2001-03-04 Thread Ignacio J. Ortega
We can -1 later :) go for it, it looks nice. I don't understand your question fully .., you are asking about to generate the complete javadocs for all packages ? 8< 8<---

TC3.3 build not generating javadocs?

2001-03-04 Thread Mel Martinez
I notice that as of a day or two ago (my last major 'update' from CVS) that now when I build tomcat 3.3, even after a 'clean', that only a few of the javadocs get generated. Specifically, just those in org.apache.tomcat.modules. I realize that for some folks, they don't want to wait to rebuild a

[PATCH][tc3.3]Re: Proposed ApacheConfig.java change

2001-03-04 Thread Mel Martinez
{sorry about the resend - I hit the send button early last time} The attached PATCH modifies org.apache.tomcat.modules.config.ApacheConfig to add some needed flexibility. I need someone who is running apache and tomcat3.3 using mod_jserv to test it in that configuration and give their feedback.

[PATCH][tc3.3]Re: Proposed ApacheConfig.java change

2001-03-04 Thread Mel Martinez
The attached PATCH modifies org.apache.tomcat.modules.config.ApacheConfig to add some needed flexibility. I need someone who is running apache and tomcat3.3 using mod_jserv to test it in that configuration and give their feedback. I've tested it with mod_jk on winNT and linux 6.2 and it seems

Re: [TC3.3] lib/shared -> lib/apps change

2001-03-04 Thread cmanolache
Hi Mel, > I notice that you've renamed the > 'TOMCAT_HOME/lib/shared' directory to > 'TOMCAT_HOME/lib/apps' (as well as created a new > 'container' subdirectory and rearranged the jar > contents a bit.). Yes, I sent the proposal few weeks ago and nobody said -1. It's mostly a cosmetic change.

[TC3.3] lib/shared -> lib/apps change

2001-03-04 Thread Mel Martinez
Costin, I notice that you've renamed the 'TOMCAT_HOME/lib/shared' directory to 'TOMCAT_HOME/lib/apps' (as well as created a new 'container' subdirectory and rearranged the jar contents a bit.). This probably is a better name because there is the potential for confusion in that 'shared' might be

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/compat SimpleClassLoader.java

2001-03-04 Thread larryi
larryi 01/03/04 11:49:04 Modified: src/share/org/apache/tomcat/util/compat SimpleClassLoader.java Log: Port fix in Tomcat 3.2.2 for Bugzilla Bug #134. Submitted by: Joel Bartley Update Resource.doFindResource() to close the ZipFile object when no

RE: Volunteer: Connectors?

2001-03-04 Thread Carlos Gaston Alvarez
Could you send it to me too, please. I am next to finishing the jsp compacter I promised but I will really need help to integrate it. Gracias, Carlos Gaston Alvarez - Original Message - From: Alex Fernández <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 21, 2001

Tomcat ready for primetime (was RE: some benchmarks)

2001-03-04 Thread oliver2, andy
Benchmarks don't mean a whole lot to me as they're all a bit on the subjective and software has gotten a little too complex to say "this is faster/better or more stable than this" because different situations highlight different things/needs. I mean Microsoft does benchmarks where they beat Oracl

Bugrat #356 not reproducible

2001-03-04 Thread Stephen Jones
Regarding the following bug: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=356 While testing for bug #484, I also tested #356 (the same JSP pages calling sendRedirect()). All my tests showed no bugs. Oddly the Bugzilla report says Tomcat 3.2 Final, but the Bugrat report says Tomcat 3.2.1 Fin

Bugzilla #484 not reproducible

2001-03-04 Thread Stephen Jones
I was investigating bug #484 in Bugzilla: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=484 I was not able to recreate this bug as reported. I am using Tomcat 3.2.1 Final, where the bug was reported using Tomcat 3.2.1 Nightly on Jan 21, 2001. This may be the cause. I tested all of the case