What solution been found out for this problem? I am really a sufferer of
this problem? I am thinking of entering a bug. But, the problem is, as
Sebastiaan said, reproducing the bug. Let me work on this, or guys you can
also help/guide/work on reproducing the bug.
--
Manivannan Palanichamy
http://m
Christopher Schultz wrote:
> Andrew,
>
> Andrew Hole wrote:
>> Is it possible encrypt password on Resource setup?
>
> No (still).
And for good reason.
First off all, why does the resource password need to be encrypted?
The threat is that an attacker gains unauthorised access to the box
locally
"Brian Munroe" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> This is more of a Servlet API question, but pertains to Tomcat
> nonetheless. I am using Tomcat 5.5.23 with JDK 1.6.
>
> I am having a problem with Generics and request.getParameterNames().
> I keep getting a unchecked
"David Delbecq" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> it is my understanding that tomcat uses a valve to detect Throwables
> from webapp and redirect to error page. However, in some case, it seems
> impossible to redirect to error page:
>
> 68937425 [http-8081-P
fredk2 wrote:
Hi,
To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:
1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.
2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
What do t
Hi,
To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:
1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.
2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
What do these file do?
but an XML validator tool will only validate whether the XML is malformed or
not, right? Not whether it touches parameters that exist in Tomcat. Right?
Glad to hear you got it working.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 17, 2007 7:56
On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:
> I found the problem. Something else was listening on port 8005. I
> changed it to 8006 in the XML config file and all worked smoothly from
> then on. Thank you for your help; without netstat, I'd never have
> managed to puzzle this out.
Ok, g
On 8/17/07, Vigorito, Nicholas E. <[EMAIL PROTECTED]> wrote:
>
> - If the suid bit is set for the owner of a directory (looks like drws
> when shown via ls -l) what does that mean? I can find what it means for
> a file but not a directory.
>
Here is a much better explanation then I would be able
Thanks Chris!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Christopher Schultz
Sent: Friday, August 17, 2007 3:52 PM
To: Tomcat Users List
Subject: Re: Off-Topic - Linux questions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vigorito,
Vigorito
The this is that there are serious security concerns regarding SOX
audits... Are there preventative measures about cleartext pass? No, but
SOX auditors could easily point out all these stuff as 'unsafe
environments'...
Anyway, I'm just trying to enforce security as much as I can in my
environment
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vigorito,
Vigorito, Nicholas E. wrote:
> This is off topic but I cannot seem to find the answers to the following
> for Linux. Anyone know the answers to the following:
>
> - If the suid bit is set for the owner of a directory (looks like drws
> when
On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:>
> SEVERE: StandardServer.await: create[8005]:
> java.net.BindException: Address already in use: JVM_Bind
>
> It claims the address is already in use, but netstat shows nothing on
> that address. Stopping the apache server itself did not change
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
> I know.. This is quite difficult to address...
>
> Have your company adhered to SOX already?
Erm... correct me if I'm wrong, but SOX is all about public disclosure
of bad things happening. There are no preventative
I found the problem. Something else was listening on port 8005. I
changed it to 8006 in the XML config file and all worked smoothly from
then on. Thank you for your help; without netstat, I'd never have
managed to puzzle this out.
--
===
Blog: www.xanga.com/lizard_sf
Currently
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
> Microsoft seems to have a good solution for that. The 'keys' are
> associated with na specific domain account... What do you think:
> http://msdn2.microsoft.com/en-us/library/ms995355.aspx
I don't see this as a soluti
This is off topic but I cannot seem to find the answers to the following
for Linux. Anyone know the answers to the following:
- If the suid bit is set for the owner of a directory (looks like drws
when shown via ls -l) what does that mean? I can find what it means for
a file but not a directory.
All the solutions I ever heard of boil down to two approaches:
1) The secrets are stored in the computer, and protected by filesystem
permissions. This is what you have now. Ensure that the
filemode/ACL/whatever is correct to prevent unauthorized access to
the files containing the s
Chris,
Microsoft seems to have a good solution for that. The 'keys' are
associated with na specific domain account... What do you think:
http://msdn2.microsoft.com/en-us/library/ms995355.aspx
Thank you!
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em: se
I know.. This is quite difficult to address...
Have your company adhered to SOX already?
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 17 de agosto de 2007 15:17
Para: Tomcat Users List
Assunto: Re: RES: Context.xml file
-BEGIN PGP S
Rainer Jung wrote:
If I remember that correctly:
- if you include it in LD_LIBRARY_PATH, the JVM will add it to
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for
the runtime linker to find the tcnative dependencies apr and openssl
Anyone: co
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
> Regarding that, I came across an implementation suggestion which seems
> to be valid, but still seems to have security issues. What do you think?
> Take a look at http://wldj.sys-con.com/read/393364.htm
Wow, what a mi
Thank you for the tip on netstat. (Dammit, Jim, I'm a database
developer, not a network admin!) (Yes, I know, it's important to learn
all relevant skills and I'm not claiming ignorance is justifiable...)
It did lead me to discover that a)Nothing is listening on 8080, and,
b)Despite windows services
I read this just after I sent the same question... Take alook at the
following article:
http://wldj.sys-con.com/read/393364.htm
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 17 de agosto de 2007 11:46
Para: Tomcat Users List
Assunto: Re: R
On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:
> I am sure more information is needed to diagnose this problem, and I
> will happily provide it.
>
> Thank you for any support you can offer.
>
2 things to check.
1. Do the tomcat logs tell you anything? Located in /logs
2. From a command
Regarding that, I came across an implementation suggestion which seems
to be valid, but still seems to have security issues. What do you think?
Take a look at http://wldj.sys-con.com/read/393364.htm
-Mensagem original-
De: Milanez, Marcus [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feir
everything seems to be blocked on this one
"TP-Processor62" daemon prio=1 tid=0x081ef7e0 nid=0x6971 runnable
[0x94f12000..0x94f130a0]
at java.lang.String.intern(Native Method)
at javax.management.ObjectName.setCanonicalName(ObjectName.java:733)
at javax.management.ObjectName.construct(ObjectNam
Hello everyone!
Is there a way to make the context.xml file more secure? I mean, inside
this file we have database users and passwords in plain form, and this
seems to be a severe security issue... How do you guys usually protect
these informations (using context.xml file) in your projects?
Thank
I do not know the answer. A similar behaviour happened with our servers
when finilizer dead-locked. In your case Finilizer did not dead-lock,
but it fails with exception and I do not know if it recovers after that.
Try checking stack trace several times in a row and see what the
finilizer does.
Greetings!
I have been given the task of setting up a basic local server to test
out Java servlets and evaluate some web technologies for my company. I
am using Windows XP SP2, Java 1.6, Eclipse 3.2, and Apache 2.2.4. I am
following the directions in the O'Reilly "Eclipse Cookbook", and I
download
Not sure that I understand your problem: is a jk load balancer involved
and your request gets send to the wrong instance? If so, we can explain,
how the decision is made.
If you are only using a single node, I don't understand the problem. You
write "you correctly get an exception". If it's co
1) Real round robin
If you really want to distribute requests fully via round robin, you
need to set
worker.loadbalancer.sticky_session=False
2) Session stickyness
But usually, this is *not* what you want. Usually, you want requests,
that belong to a user session to go to the same Tomcat in
>Is there any reason why you couldn't store your *.xml file in WEB-INF/
No. There is no problem with doing this and it's probably the method
I'll use. Thanks everyone for all the comments.
Robert Segal
Tools Developer
CryptoLogic Inc.
55 St. Clair Ave W., 3rd Floor
Toronto, Ontario
Canada M4V
Hi Iain,
From a previous question I asked on the list:
If you use auto-deploy and you have a WAR file or directory in the
"webapps" directory, then any "path" attribute you have in your
element will be ignored (or, worse, confused and used ion some
weird way). Perhaps this is a problem with your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck and Thomas,
Caldarale, Charles R wrote:
>> From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED]
>> Subject: Re: Register url in ROOT application
>>
>> I want to be able to register a servlet in the ROOT application
>> that will handle reque
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew Hole wrote:
> Is it possible encrypt password on Resource setup?
No (still).
- -chris
PS Yes, you can write your own data source manager that decrypts the
credentials or whatever, but then you have to store /that/ password
somewhere.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph S wrote:
> Christopher Schultz wrote:
>
>> Setting the encoding of the response is sometimes necessary when the
>> browser (stupidly, IMO) elects not to send the charset being used to the
>> server.
>>
> It isn't the browser's fault, its
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
Gregor Schneider wrote:
> Chuck,
>
> then the docs are quite misleading.
Nope. Read them again.
>
> When a request to load a class
> from the web application's WebappX class loader is processed, this
> class loader will look in the local r
Christopher Schultz wrote:
Setting the encoding of the response is sometimes necessary when the
browser (stupidly, IMO) elects not to send the charset being used to the
server.
It isn't the browser's fault, its the spec's fault. See
https://bugzilla.mozilla.org/show_bug.cgi?id=289060#c8
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt,
Matthew Kerle wrote:
> I'm changing jobs soon and the new company uses JBoss (:-<), so
> it may take a while to convince them how good tomcat is ;-p!
IIRC, JBoss used to use Tomcat as its servlet container. Maybe that's no
longer the case.
> B
> From: Emsley, I (Iain) [mailto:[EMAIL PROTECTED]
> Subject: context.xml not being copied across on deployment
>
> When I check the xml files in
> \apache-tomcat-5.5.17\conf\Catalina\localhost, I'm still getting the
> context for Hypersonic rather than MySQL.
A element in conf/Catalina/[host]
> From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED]
> Subject: Re: Register url in ROOT application
>
> I want to be able to register a servlet in the ROOT application
> that will handle request to "/app1". Note that the name space
> "/app1" is already taken up by my "app1" application.
I
Dear Tomcat users,
I'm very new to the Tomcat application and am trying to understand why
my context files are being ignored on deployment. I've had a search in
the mailing archives and read (and tried) the documentation on the
Tomcat site.
I'm trying to get a calendaring system (which also u
Just curious why it requires a filter to be used to set character
encoding when it is set at the app server and form level as UTF8? What
I noticed is it gets translated incorrectly from the form to the
servlet. Is that correct? Is it a low level API that causes this?
Thanks,
Joe
On 8/17/07, David Delbecq <[EMAIL PROTECTED]> wrote:
> 2) download a more recent tomcat (5.0.28 is 3 years old release)
I can confirm that the jsvc packaged with 5.5.23 configures and
builds on a x86_64 SuSE 10.0 system.
HTH,
--
Hassan Schroeder [EMAIL PROTECTED]
-
Hi,
I have installed Tomcat 5.5.23_1 on FreeBSD 6.2. I have used Servlets a
lot in the past but have not used ant. I am now trying to get this
development environment to work. Following the basic portinstall of
Tomcat on FreeBSD I did the following:
1. sudo cp /usr/local/tomcat5.5/server
Hi I'm getting the following exception in tomcat 5.5.23:
Aug 17, 2007 3:31:20 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing request
java.lang.ArrayIndexOutOfBoundsException: -45
at
org.apache.coyote.http11.filters.ChunkedInputFilter.parseChunkHeader(ChunkedInp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark and Joe,
Mark Thomas wrote:
> Joseph Shraibman wrote:
>> Mark Thomas wrote:
>>
>>>request.setCharacterEncoding("UTF-8");
>>
>> Is this always safe? For responses I can (and do) check the
>> accept-charset request [header], but I can't fi
Thanks for all your advice,
Problem sorted now.
I moved the ojdbc14.jar into common/lib only, and set-up a context in the
appname/META-INF/contex.xml. Tomcat still
wouldn't start after renaming ResourceParams to Resource even after I had
validated the xml with an xml validator
tool. In the en
Hi,
I've written a webapp for a portlet container. Within this webapp /
the portlet I can call a link to a servlet. The servlet gets the
session from the portlet container (resp. Tomcat) and do its work.
(Session-sharing between portlets and servlets is working)
This works great when I use the di
1) use another achitecture (x86 instead of x86_64)
2) download a more recent tomcat (5.0.28 is 3 years old release)
3) download a more recent jsvc (http://commons.apache.org/daemon/jsvc.html)
to your choice
En l'instant précis du 17/08/07 12:10, Potri Raaja s'exprimait en ces
termes:
> Hi ,
>
>
Hi ,
I tried to install jakarta-tomcat-5.0.28 in Suse Linux Enterprise Server
10 and when I run the command
/usr/java/jakarta-tomcat-5.0.28/bin/jsvc-src # ./configure
I am getting the following error :
*** Current host ***
checking build system type... x86_64-unknown-li
Nope.
You could write your own db pool init code in a ServletContextListener
and then do anything you want as far as how to store the pool
configuration if you really need to encrypt the password. The standard
tomcat configuration files don't offer any facility for encrypting
passwords thoug
If I remember that correctly:
- if you include it in LD_LIBRARY_PATH, the JVM will add it to
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for the
runtime linker to find the tcnative dependencies apr and openssl
Anyone: correct me if I'm wron
Most browsers will encode the request the same as the page it came from. This
is true for POST variables. I'm not sure about GET query variables.
In the past I found some websites explaining this hidden feature, but don't
have the time to search again.
Ronald.
On Thu Aug 16 20:25:18 CEST 2007
Chuck,
then the docs are quite misleading.
In the 5.5-docs
(http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html) is
said:
n a J2SE 2 (that is, J2SE 1.2 or later) environment, class loaders are
arranged in a parent-child tree. Normally, when a class loader is
asked to load a particul
Is it possible encrypt password on Resource setup?
Thanks
Andew
Hello,
it is my understanding that tomcat uses a valve to detect Throwables
from webapp and redirect to error page. However, in some case, it seems
impossible to redirect to error page:
68937425 [http-8081-Processor14] ERROR
StandardWrapper[/intranet:webdav] - Servlet.service() for servlet
webda
58 matches
Mail list logo
