Quoting "Pier P. Fumagalli" <[EMAIL PROTECTED]>:
> I keep my stance, if I see someone saying "running (put your favourite
> service here) as root is safe", as you did, I'll flame him. Think TWO
> steps ahead, ALWAYS.
>
> Pier (security conscious)
If I may ...
First of all, I have not read
jean-frederic clere wrote:
>
> Bojan Smojver wrote:
> >
> > Bojan Smojver wrote:
> > >
> > > Unfortunately, the problem is still there... Let me run gdb on the thing
> > > again and then I'll send you the backtrace.
> > >
> > > Bojan
> >
> > Slighty different problem this time, but along the line
Martin van den Bemt at [EMAIL PROTECTED] wrote:
> Pier,
>
> I won't make commercials anymore for running as root, just to keep you
> happy..
Just to make _me_ happy? Probably you don't realize what you are saying when
you give hints on running something as root.
> Maybe adding some extra info
Pier,
I won't make commercials anymore for running as root, just to keep you
happy..
Maybe adding some extra info to the mod_jk.html howto about accesability of
the 8007 and 8009 ports if you don't change the defaults (you have to
specifically tell to only accept requests from address 127.0.0.1.
On Fri, 17 Aug 2001, Pier P. Fumagalli wrote:
> Christopher Cain at [EMAIL PROTECTED] wrote:
> >
> >> This is I believe Bergstein's daemontools?
> >
> > To be honest, I'm not sure. It's how alot of the standard init.d scripts
> > are coded in Linux, so that's how I've also done mine. Whatever i
The default checkInterval for org.apache.modules.session.SessionExpirer is
60 seconds. That means that on average, you can expect it to take 30
seconds before it looks.
- Original Message -
From: "Prasanna Uppaladadium" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 17,
Hello.
Could somebody point me to the code where new Sessions are created and
destroyed (timed out) in the Tomcat 3.3 source code please? Here is what
I could gather by going over the code:
1. When a request for a new HttpSession object comes from a servlet,
ultimately the method
org.apache.tomc
Christopher Cain at [EMAIL PROTECTED] wrote:
>
>> This is I believe Bergstein's daemontools?
>
> To be honest, I'm not sure. It's how alot of the standard init.d scripts
> are coded in Linux, so that's how I've also done mine. Whatever it is,
> it's installed by default on every Linux distro I'v
On Fri, 17 Aug 2001, Larry Isaacs wrote:
> > It shouldn't affect the docs
>
> Probably because there isn't any documentation (beyond Javadoc) for
> using EmbededTomcat. :) :) :)
What javadoc :-) ? ( I'll add some as I'm fixing EmbededTomcat, and I
think the result will be cleaner enough so writi
On Fri, 17 Aug 2001, Craig R. McClanahan wrote:
> > Might I suggest that one of the files be named jaxp_parser.jar? Having two
> > jars with the same name *is* confusing, even though I understand why they
> > were split up.
Both files should be identical - why would you name them differently ?
On Fri, 17 Aug 2001, D. Jay Newman wrote:
> Might I suggest that one of the files be named jaxp_parser.jar? Having two
> jars with the same name *is* confusing, even though I understand why they
> were split up.
>
IMHO, that advice would need to go back to the folks who created JAXP. It
woul
On Fri, 17 Aug 2001, Jonathan Pierce wrote:
> Thanks, I see it now in the notes.
>
> Another build question -
>
> There are javax classes referenced by Catalina classes in the dist build that
> are not included. This could lead to class not found errors for users who
> reference the catalina
"Pier P. Fumagalli" wrote:
>
> Christopher Cain at [EMAIL PROTECTED] wrote:
> >
> >> I'm attaching a little C script that degradates the process to a specified
> >> user before execuing it. To compile do "gcc -O2 safexec.c -o safexec" and to
> >> run, (for example catalina) do:
> >>
> >> safexe
pier01/08/17 11:17:35
Modified:webapp INSTALL.txt
Log:
Added a note on Windows Apache thanks to Shawn Evans <[EMAIL PROTECTED]>
Revision ChangesPath
1.4 +4 -0 jakarta-tomcat-connectors/webapp/INSTALL.txt
Index: INSTALL.txt
Might I suggest that one of the files be named jaxp_parser.jar? Having two
jars with the same name *is* confusing, even though I understand why they
were split up.
> On Fri, 17 Aug 2001, Jonathan Pierce wrote:
> > Two copies of the jaxp.jar file are in the 4.0b7 dist. Shouldn't they be moved
> >
Christopher Cain at [EMAIL PROTECTED] wrote:
>
>> I'm attaching a little C script that degradates the process to a specified
>> user before execuing it. To compile do "gcc -O2 safexec.c -o safexec" and to
>> run, (for example catalina) do:
>>
>> safexec username $CATALINA_HOME/bin/catalina.sh sta
"Pier P. Fumagalli" wrote:
>
> FYI... The next one I see on any mailing list suggesting to start tomcat
> (any version) from the RC files without changing user id will understand
> what it means to be flamed... :-/
Yep, that's definitely a bad thing.
[snip]
> I'm attaching a little C script
On Fri, 17 Aug 2001, Kevin Seguin wrote:
> >
> > > also, would it be possible to use a Valve to accomplish this?
> >
> > Yes...
> >
> > > how are valves processed? are they stacked such that the
> > first valve entered
> > > is the last one exited?
> >
> > Correct.
> >
> > > or are they
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 17, 2001 11:00 AM
> To: [EMAIL PROTECTED]
> Subject: Startup - mustfix
>
>
> Hi,
>
> Larry, while playing with the options I found few problems with our
> startup we must fix before beta2.
Thanks, I see it now in the notes.
Another build question -
There are javax classes referenced by Catalina classes in the dist build that
are not included. This could lead to class not found errors for users who
reference the catalina classes without adding them to the /lib directory.
Shouldn't
It's actually easier than that. The realm can return:
BaseInterceptor.OK -- user authenticated.
BaseInterceptor.DECLINED -- I can't authenticate her, but maybe someone
else can
Other (my personal favorite is 403) -- user can't be authenticated and
nobody else should try.
Thus if the first inte
Kevin Seguin at [EMAIL PROTECTED] wrote:
>
> thanks for the info :)
Read what Craig wrote... As always he's way more explanatory than I am :)
Pier
FYI... The next one I see on any mailing list suggesting to start tomcat
(any version) from the RC files without changing user id will understand
what it means to be flamed... :-/
Pier
-- Forwarded Message
From: Pier P. Fumagalli <[EMAIL PROTECTED]>
Organization: Apache Software Foundati
On Fri, 17 Aug 2001, Jonathan Pierce wrote:
>
> Two copies of the jaxp.jar file are in the 4.0b7 dist. Shouldn't they be moved
> in /common/lib/ so that only one copy exists in the class path?
>
> /jasper/jaxp.jar
> /server/lib/jaxp.jar
>
See the RELEASE-NOTES-4.0-B7.txt (or whatever for yo
>
> > also, would it be possible to use a Valve to accomplish this?
>
> Yes...
>
> > how are valves processed? are they stacked such that the
> first valve entered
> > is the last one exited?
>
> Correct.
>
> > or are they chained such that one valve is processed after
> the next, and once
On Fri, 17 Aug 2001, Kevin Seguin wrote:
> something that i've started thinking about recently is how to provide hooks
> in tomcat 4 so that some statistics regarding request processing time could
> be collected.
>
> off of the top of my head, a couple of interesting stats might be average
>
Two copies of the jaxp.jar file are in the 4.0b7 dist. Shouldn't they be moved
in /common/lib/ so that only one copy exists in the class path?
/jasper/jaxp.jar
/server/lib/jaxp.jar
Kevin Seguin at [EMAIL PROTECTED] wrote:
>
> *) has anybody else considered this?
Don't think so...
> *) does anybody else care about this?
I would (but can't commit to it :)
> also, would it be possible to use a Valve to accomplish this?
Yes...
> how are valves processed? are they stacked
Hi i'd like to write a module that would restrict the number of times
someone can login tomcat before their account is locked. I realize that I
could modify the realm that I am using - but I'd like to find a more robust
solution that could be applied to all security realms without requiring
u
something that i've started thinking about recently is how to provide hooks
in tomcat 4 so that some statistics regarding request processing time could
be collected.
off of the top of my head, a couple of interesting stats might be average
request processing time for all contexts (or webapps) a
Can you add the tomcat version number when the startup parameter is -help,
that is probably better then my proposal to add a -version..
Mvgr,
Martin
Hi,
Larry, while playing with the options I found few problems with our
startup we must fix before beta2.
Main is fine, but if someone is embeding tomcat he will probably use
EmbededTomcat. This only works if both container and common classes are in
it's loader.
I need to add at least some comm
32 matches
Mail list logo
