Hi all;
I am migrating to tomcat 7 from 6.
In tomcat 6 urls like
http://68.169.51.83:8080/gallery/wave_surfing_gallery_thumb_652.jpg;jses
sionid=A859D830090798F238DABADC713C1327 would load an image but in
tomcat 7 I get the following response: The Image "." cannot be
displayed because it cont
If I alter JarFactory to always use FileUrlJar, then my startup is
around 20 seconds faster, i.e. the speed is fully back to that of 7.0.12.
It turns out the issue is the large jars I have in my WEB-INF/lib
directory -- and FileUrlJar is still much faster in this case than using
UrlJar even wi
Dear Sirs,
On Thursday, May 26, 2011 1:14 AM
- From what you have above, "/guess" does not appear to be a valid URL.
You appear to have lost the context path somewhere.
This problem has been resolved. In this case, when JSP("guess.jsp") calls
Servlet("GuessServlet.java"), the absolute path is
Hi,
It is OSX 10.6.7, java 1.6.0_24, tomcat 7.0.14, jk 1.2.31, apache 2.2.19. It
is a one machine with two tomcat instances setup. I am trying to do session
replication testing with the examples webapp. When I shut down one of the
tomcat instances I receive this in the log of that instance:
Well, if it's the spec I guess there's no much to argue. Maybe turn it into
an option, but I already got the feeling of the community. I won't insist as
this is my specific requirement and may not be of use to a wide range of the
community.
Mark, there could be a MIM attack but that's yet another
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rafael,
On 6/21/2011 12:05 PM, Rafael Liu wrote:
> I agree it's kind of a philosophical question but I see some real
> implications. Anyway, for the record, as a quick and dirty fix I set the
> full URL with https schema in /form@action. But the hosti
On 21/06/2011 17:05, Rafael Liu wrote:
> Hey Chris,
>
> as you said, each problem compromise different kinds of things: account vs
> credentials. And I think they have different kind of consequences and can
> be, each one , dangerous its own way. I brought the discussion into the list
> because I
Hey Chris,
as you said, each problem compromise different kinds of things: account vs
credentials. And I think they have different kind of consequences and can
be, each one , dangerous its own way. I brought the discussion into the list
because I thought it was relevant.
Looking at the code, a fi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rafael,
On 6/20/2011 8:12 PM, Rafael Liu wrote:
> Good point Chuck. I agree with you, the webapp wouldn't be all secured. But
> there are 2 different things here:
>
> * the issue with the plain password
> * the issue with session hijacking
This does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Calum,
On 6/21/2011 4:26 AM, Calum wrote:
> On 20 June 2011 17:02, Christopher Schultz
> wrote:
>> That depends on what Service.logHit does. If it only uses the
>> HttpServletRequest object during the method's lifetime, then everything
>> is fine. I
Am 21.06.2011 15:33, schrieb Konstantin Kolinko:
2011/6/21 Björn Agel:
Am 21.06.2011 14:59, schrieb Konstantin Kolinko:
2011/6/21 Björn Agel:
H,
In the documentation of Struts 1.3.10 it says they are using
commons-logging
API.
I configured Tomcat to use log4j, so I don't know where the ca
Hi
Appreciate if someone can help me here.
Thanks
Tauqir Akhtar
-Original Message-
From: Tauqir Akhtar [mailto:takh...@jny.com]
Sent: Monday, June 20, 2011 2:10 PM
To: 'Tomcat Users List'
Subject: RE: Tomact 5.5 Clustering
Hi
My Clustering Fails :
SEVERE: Unable to send replicate
Hello,
In servlets 3.0 specification regarding async sockets, setTimeout with 0 or
negative value should be used for infinite timeout (no timeout).
I am not sure if there is a bug or a particular design in Tomcat 7.0.14 (did
not tested with 7.0.16), but when I use setTimeout(0) or setTimeout(-1),
2011/6/21 Björn Agel :
> Am 21.06.2011 14:59, schrieb Konstantin Kolinko:
>>
>> 2011/6/21 Björn Agel:
>>>
>>> H,
>>>
>>> In the documentation of Struts 1.3.10 it says they are using
>>> commons-logging
>>> API.
>>> I configured Tomcat to use log4j, so I don't know where the calls to
>>> Servlet
Am 21.06.2011 14:59, schrieb Konstantin Kolinko:
2011/6/21 Björn Agel:
H,
In the documentation of Struts 1.3.10 it says they are using commons-logging
API.
I configured Tomcat to use log4j, so I don't know where the calls to
ServletContext.log() should come from.
Any ideas?
Search for the
2011/6/21 Björn Agel :
> H,
>
> In the documentation of Struts 1.3.10 it says they are using commons-logging
> API.
> I configured Tomcat to use log4j, so I don't know where the calls to
> ServletContext.log() should come from.
> Any ideas?
Search for the "PropertyMessageResources" string in t
H,
In the documentation of Struts 1.3.10 it says they are using
commons-logging API.
I configured Tomcat to use log4j, so I don't know where the calls to
ServletContext.log() should come from.
Any ideas?
with best regards,
Björn
Am 21.06.2011 12:31, schrieb Konstantin Kolinko:
2011/6/2
Although not recommended you can place the [unziped] classes in
WEB-INF/classes, or use Tomcat /lib. You should really deduplicate your JAR
On Tue, Jun 21, 2011 at 8:05 AM, wrote:
> Hi,
>
> in which order are classes loaded in jars in WEB-INF/lib? Alphabetically?
> By
> date? Unordered?
>
> My p
On Tue, Jun 21, 2011 at 4:02 AM, André Brunnsberg <
andre.brunnsb...@planmill.com> wrote:
> But if the user has the session then he or she can change the user
> credentials
Actually it depends on how application that implement password change.
Usually for changing the password you need to enter
> > in which order are classes loaded in jars in WEB-INF/lib?
> Alphabetically? By
> > date? Unordered?
>
> There is no order.
Thank you.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e
On 21/06/2011 12:05, spr...@gmx.eu wrote:
> Hi,
>
> in which order are classes loaded in jars in WEB-INF/lib? Alphabetically? By
> date? Unordered?
There is no order.
> My problem is:
>
> My WEB-INF/lib contains jar's where on jar contains older versions of a
> classes than the other jar. I wil
Hi,
in which order are classes loaded in jars in WEB-INF/lib? Alphabetically? By
date? Unordered?
My problem is:
My WEB-INF/lib contains jar's where on jar contains older versions of a
classes than the other jar. I will ensure to load the newer versions of the
classes. How can this be done?
Th
Could somebody please point me to an institute which conducts Tomcat
administration training in INDIA (Bangalore)?
Thanks for your help.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail
2011/6/21 Björn Agel :
> Hi there,
>
> I am using Log4j with the following log4j.properties for the Tomcat:
>
> /log4j.rootLogger=INFO, R
>
> log4j.appender.R=org.apache.log4j.RollingFileAppender
> log4j.appender.R.File=${catalina.home}/logs/tomcat.log
> log4j.appender.R.encoding=UTF-8
>
Hi there,
I am using Log4j with the following log4j.properties for the Tomcat:
/log4j.rootLogger=INFO, R
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=${catalina.home}/logs/tomcat.log
log4j.appender.R.encoding=UTF-8
log4j.appender.R.MaxFileSize=2MB
On 20 June 2011 17:02, Christopher Schultz wrote:
> That depends on what Service.logHit does. If it only uses the
> HttpServletRequest object during the method's lifetime, then everything
> is fine. If it retains a reference to the request object, you will
> probably end up with a problem.
Oh, ju
But if the user has the session then he or she can change the user
credentials (of course only for this site unless the password is shown in
the system, which would be really bad) or if the user has enough rights
add a new user which can be used by the hacker.
Remember how easy it is to hijack cook
27 matches
Mail list logo
