yes, of course if you have legacy software. No arguments there. As for
regex, that's what ORO is for ;-)
--
Mark Castillo
[EMAIL PROTECTED]
http://www.webFreak.com
- Original Message -
From: "Jan Labanowski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturda
Guys,
You are getting religious about CGI... Religious is good, but I worry that
it is a cult {:-)}. CGI was a good thing for last 6 years, and it is a
still good thing sometimes. Note, we have tons of legacy perl software
around, and believe me, I can sometimes do more in one line of perl, than
i
Hi,
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Craig R. McClanahan
> Sent: Sunday, August 19, 2001 1:17 AM
>
> On Sun, 19 Aug 2001, Deacon Marcus wrote:
>
> > Hi,
> >
> > > -Original Message-
> > > From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
> > > Sent: Satu
Mark Castillo at [EMAIL PROTECTED] wrote:
>
> Right now we've integrated Acme server (and integrated https and login
> session support ourselves, which was a royal pain). So, I'm trying to figure
> out if we want to continue maintaining (fixing/rewriting?) the Acme server
> or scrap it and go to
>
> Sounds cool, but I'll let someone a little more familiar with CGI speak to
the
> feasibility in Tomcat. I started out my dynamic-content life with ASP
(D'oh!),
> then moved to servlets (Woo-hoo!), so I was rather fortunate in that I got
to
> skip the whole CGI nightmare :-)
Good for you. If I
Quoting "Craig R. McClanahan" <[EMAIL PROTECTED]>:
>
> Don't get me wrong, I'm ok with turning it off by default ... but it
> also needs someone to write a HOWTO document on how to turn it on and use
> it (to avoid endless questions on TOMCAT-USER about "I thought you said
> Tomcat 4 supported CGI
Quoting Mark Castillo <[EMAIL PROTECTED]>:
[snip]
>
> What I was really wanting to evaluate was how you guys are managing
> "sessions" and how sessions information could possibly leak out via
> the filesystem, memory, or other ways. The application we are running runs
> in a hostile environment
Deacon Marcus at [EMAIL PROTECTED] wrote:
> Hi,
>
>> -Original Message-
>> From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
>> Sent: Saturday, August 18, 2001 10:44 AM
>> To: tomcat dev jakarta.apache.org
>> Subject: CGI wrapper in Tomcat 4.0 b7
>>
> [...]
>>
>> (BTW, wouldn't it be
On Sat, 18 Aug 2001, Christopher Cain wrote:
> Quoting "Craig R. McClanahan" <[EMAIL PROTECTED]>:
> >
> > Craig (who is amused by this, since Apache itself ships with CGI
> > enabled)
>
> True enough, but the very point of JSP/Servlets is to obviate the need for CGI.
> I can't imagine that A
Quoting "Craig R. McClanahan" <[EMAIL PROTECTED]>:
>
> Craig (who is amused by this, since Apache itself ships with CGI
> enabled)
True enough, but the very point of JSP/Servlets is to obviate the need for CGI.
I can't imagine that ANYONE would want to run CGI from Tomcat unless they had
some
On Sat, 18 Aug 2001, Mark Castillo wrote:
> Hi all. I'm new to the list. Sorry if someone has already brought this up,
> but couldn't the code provide some native methods for changing the uid of
> the process after binding to the network ports (if they want to start as
> root, binding to a port
- Original Message -
>
> It's an experimental feature which is available in our CVS source tree...
> You might want to check out the "service" directory in the
> "jakarta-tomcat-4.0" CVS repository.
Ah! I see it. Nice.
>
> > Currently I'm reviewing the Tomcat sources for embedding a ser
Quoting Mark Castillo <[EMAIL PROTECTED]>:
> Hi all. I'm new to the list. Sorry if someone has already brought this
> up, but couldn't the code provide some native methods for changing the uid
> of the process after binding to the network ports (if they want to start
> as root, binding to a port
On Sun, 19 Aug 2001, Deacon Marcus wrote:
> Hi,
>
> > -Original Message-
> > From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, August 18, 2001 10:44 AM
> > To: tomcat dev jakarta.apache.org
> > Subject: CGI wrapper in Tomcat 4.0 b7
> >
> [...]
> >
> > (BTW, wouldn'
Mark Castillo at [EMAIL PROTECTED] wrote:
> Hi all. I'm new to the list. Sorry if someone has already brought this up,
> but couldn't the code provide some native methods for changing the uid of
> the process after binding to the network ports (if they want to start as
> root, binding to a port <
Quoting Martin van den Bemt <[EMAIL PROTECTED]>:
> point taken about the root thing..
> I took back my words on that it safe to run as root (as quoted in my
> mail to Pier).
Cool. As I said, I had't really read the thread. I wasn't singling you out, I
just wanted to make a definitive comment fo
Hi all. I'm new to the list. Sorry if someone has already brought this up,
but couldn't the code provide some native methods for changing the uid of
the process after binding to the network ports (if they want to start as
root, binding to a port < 1024).
Then, the CGI executed would run as a non-r
Hi,
> -Original Message-
> From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 18, 2001 10:44 AM
> To: tomcat dev jakarta.apache.org
> Subject: CGI wrapper in Tomcat 4.0 b7
>
[...]
>
> (BTW, wouldn't it be wise to disable CGI execution in the default
> configuratio
Quoting Dmitri Colebatch <[EMAIL PROTECTED]>:
> Its a function thats defined in /etc/rc.d/init.d/functions on a redhat
> (and mandrake) box.
>
> cheesr
> dim
Ah ... cool. See, I still learn something new every day.
Cheesr, buddy ;-)
- Christopher
Quoting "Pier P. Fumagalli" <[EMAIL PROTECTED]>:
> (BTW, wouldn't it be wise to disable CGI execution in the default
> configuration? I don't know, after hearing people running Tomcat as
> root, I feel we really should!)
+1
On 18 Aug 2001 19:56:33 +0200, Paulo Gaspar wrote:
> I have been trying to improve a bit on the "admin"
> application, especially on the "contextAdmin" bit,
> tweaking its web pages/JSPs in order to add functionality
> and ease of use.
Great :-)
> I am especially interested on making it easier
Hi,
I have been trying to improve a bit on the "admin"
application, especially on the "contextAdmin" bit,
tweaking its web pages/JSPs in order to add functionality
and ease of use.
I am especially interested on making it easier to restart
individual applications, deploy or redeploy new
applic
point taken about the root thing..
I took back my words on that it safe to run as root (as quoted in my mail to
Pier).
But the message I was trying to give was : who are we to tell people not to
run as root as the default tomcat installation already is hackable in 5
minutes?? (at least by Pier..)
Whoha... Just had my nightly report on the server, and thank god it was
running TC40b7 when I had a NESSUS run :)
I got a TON of reports on CGIs installed on the system, and freaked out
AAAHHH someone broke into my server... UNTIL I didn't see a .exe CGI...
What, is it a UNIX or a WINDOWS box? Hm
24 matches
Mail list logo
