How to deal with LogJam Vulnerability?

2015-08-24 Thread Nikitha Benny
Hi All, I am using Tomcat version 7.00.062 supported on JRE 8u45. How do I disable the LogJam Vulnerability? I have added a line in the java.security file of the JRE. jdk.tls.disabledAlgorithms=DH Is this good enough? Or do we need to add DiffieHelmann also? jdk.tls.disabledAlgorithms=DH, Diffie

Re: [ANN] Apache Tomcat Connectors 1.2.41 released

2015-08-24 Thread Christopher Schultz
Jessica, On 8/24/15 11:40 AM, Alten, Jessica-Aileen wrote: >> The official position of the ASF is that we provide code, not >> binaries. > > Sorry, I can't follow this argument - there are lots of binaries > in the download area, even for Tomcat a

Re: Adding User to a Realm

2015-08-24 Thread Christopher Schultz
Sreyan, On 8/24/15 1:19 PM, Sreyan Chakravarty wrote: > No you don't understand what my question was. Say I do something > like this-: > > String password = request.getParameter("passwd"); > > long salt = // get salt from SecureRandom > > String

Re: [ANN] Apache Tomcat Connectors 1.2.41 released

2015-08-24 Thread Mark Thomas
On 24/08/2015 16:40, Alten, Jessica-Aileen wrote: >> The official position of the ASF is that we provide code, not >> binaries. > > Sorry, I can't follow this argument - there are lots of binaries in the > download area, even for Tomcat and the Httpd flagship. ASF policy is that we MUST release

Re: Adding User to a Realm

2015-08-24 Thread Sreyan Chakravarty
No you don't understand what my question was. Say I do something like this-: String password = request.getParameter("passwd"); long salt = // get salt from SecureRandom String password = salt + password; String hash = encrypt(password) // Use some encryption like bCrypt storeInDb(hash); // Sto

RE: [ANN] Apache Tomcat Connectors 1.2.41 released

2015-08-24 Thread Alten, Jessica-Aileen
> The official position of the ASF is that we provide code, not > binaries. Sorry, I can't follow this argument - there are lots of binaries in the download area, even for Tomcat and the Httpd flagship. > We'd love to provide Windows binaries for mod_jk, but they are a real > pain in the neck to

Re: Adding User to a Realm

2015-08-24 Thread Christopher Schultz
Sreyan, On 8/24/15 9:24 AM, Sreyan Chakravarty wrote: > Okay I know how to authenticate an existing user in a Realm. But > how the hell do you add a new user to the Realm? That depends upon where your users are stored. > For example if a new memb

Re: [ANN] Apache Tomcat Connectors 1.2.41 released

2015-08-24 Thread Christopher Schultz
Jessica, On 8/24/15 4:25 AM, Alten, Jessica-Aileen wrote: >> The Apache Tomcat Project is proud to announce the release of >> version 1.2.41 of the Apache Tomcat Connectors. This version >> fixes one security issue (CVE-2014-8111) and a number of bu

Re: How do LockOutRealms work?

2015-08-24 Thread Christopher Schultz
Sreyan, On 8/23/15 2:54 PM, Sreyan Chakravarty wrote: > I am confused with the functioning of LockOutRealms in Tomcat. > > My questions are as follows-: > > > 1. Say user at IP 10.10.10.1 has reached the maximum number of > invalid login attempt

Re: Need help with using CredentialHandler

2015-08-24 Thread Christopher Schultz
Sreyan, On 8/23/15 2:36 PM, Sreyan Chakravarty wrote: > I need to use Container Managed Security and Authentication in my > latest project. And I have a couple of queries regarding how to > configure a Credential Handler. What are your requirements

Adding User to a Realm

2015-08-24 Thread Sreyan Chakravarty
Okay I know how to authenticate an existing user in a Realm. But how the hell do you add a new user to the Realm? For example if a new member registers on the site, how would I add that to the Realm?

RE: [ANN] Apache Tomcat Connectors 1.2.41 released

2015-08-24 Thread Alten, Jessica-Aileen
> The Apache Tomcat Project is proud to announce the release of version > 1.2.41 of the Apache Tomcat Connectors. > This version fixes one security issue (CVE-2014-8111) and a number of > bugs found in previous releases. > > [...] > > Downloads: > http://tomcat.apache.org/download-connectors.cgi I