files). This enabled the embedded Tomcat instance to resolve all
referenced classes
thanks again
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
On Fri, 7 Jun 2024 at 15:02, Chuck Caldarale wrote:
>
>
> > On Jun 7, 2024, at 08:11, Christopher Schultz
> > wrote:
>
Thanks Mark
appreciate that the url was for 8.0
With regards to classpath that was my first attempt - unfortunately it
would seem that Tomcat does not support wildcards in the classpath -
for example dirpath/lib/*.jar - at least in version 9.
Dave Breeze
Linkedin:https://uk.linkedin.com/in
ml is
that the Tomcat common loader will search for jars in
CATALINA_HOME/lib. My CATALINA_HOME/lib contains gwt-user-2.10.0.jar
which contains RemoteServiceServlet.class.
Why is the Tomcat common loader not finding this class?
many thanks
Dave Breeze
Link
ricted to a role - I need the servlet to respond
differently based on role. what I have decided to do in the servlet is to
retrieve the user-id from the certificate and determine their role by using
a security product native to the platform on which Tomcat is running
Thanks for your help.
Dave B
called. In my servlet, however, I can retrieve the certificates.
thanks for your help
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
On Sun, 29 Jan 2023 at 22:21, Christopher Schultz
wrote:
>
> Dave,
>
> On 1/28/23 09:28, Dave Breeze wrote:
> > this is Tomcat 9.0 running
ot;javax.servlet.request.X509Certificate") correctly
returns both the certificate from the browser plus the Cert Auth. A
getSubjectX500Principal().getName() call on the browser certificate
returns the cn/o/ou setting that should match with users.xml.
What am I missing here?
Dave Breeze
thanks
i have just done a quick and dirty test - I found a tomcat launcher code I
did as an exercise - quickly modified it to set the handler to a
concatenation. Tomcat launches correctly and uses the ibm safkeyring
thanks again
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
On Fri
ol.handler.pkgs=org.apache.catalina.webresources
$JAVA_OPTS "
then users could use JAVA_OPTS to set the value.
thanks
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
On Fri, 20 Jan 2023 at 12:17, Mark Thomas wrote:
>
> On 20/01/2023 11:18, Dave Breeze wrote:
> > Many thanks Mark for the answer
ctory(URLStreamHandlerFactory)"
Could you please explain further
thanks again
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
On Fri, 20 Jan 2023 at 11:01, Mark Thomas wrote:
>
> On 20/01/2023 09:53, Dave Breeze wrote:
> > T
hat is the syntax
thank you
Dave Breeze
Linkedin:https://uk.linkedin.com/in/dabreeze
I'm having intermittent failures when I deploy to a cluster. I see the
war file sent to slave nodes but it then becomes zero size. It happens
on different nodes and not all the time.
Upon failure, Master node .out shows
SEVERE [Catalina-utility-1]
org.apache.catalina.ha.tcp.SimpleTcpCluster.s
in the documentation - I
was looking at the wrong place.
Thanks very much - got a route forward throug this now
Thanks
Dave
in the tomcat logs - is it possible
to turn up the logging for the manager app to see exactly what
credentials (well, username) is being passed by Edge to it?
Thanks
Dave
o fix that before this recent
> announcement).
Can you point the ill-informed amongst us to any helpful resources you
may have that describe what you mean by 'properly secured'?
Regards
Dave
this via an apache webserver using mod_proxy_ajp?
Only, the current stable release of apache (2.4.41) doesn't support
'secret' AFAIK.
See
https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html
and
https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=53098
Note the above 'bug' in Apache is only 12 years old :-(
Dave
kable and are probably going to isolate the AJP
traffic using a firewall rule via iptables instead of relying on any
intrinsic Tomcat feature.
Dave
Chris,
That was very helpful.
Thank you
Dave
On Fri, Jan 3, 2020 at 5:29 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Dave,
>
> On 1/3/20 13:47, Dave Bothwell wrote:
> > I am using Tomc
changed maxActive to maxTotal.
Also, I am currently using both attributes maxActive and maxTotal in my
current server.xml file, which does not appear to be causing any issues.
my question is which attribute should I be using?
Thanks
Dave
--
<https://www.primepoint.com/>
David Bo
lthough
> I doubt any improvement is measurable).
And definitely no subtle bug introduced at the same time.
It would be painfully ironic were it so.
--
dave thorn
Bad to the bone.
-
To unsubscribe, e-mail: users-unsubscr...@t
On Sun, Sep 01, 2019 at 08:51:47AM +, Mark Thomas wrote:
> On August 31, 2019 7:31:12 AM UTC, Dave Thorn wrote:
>
> >There is also a haproxy between client and server. You wouldn't think
> >it goes fiddling around in the middle of a response, thought. I'm
>
obvious why I sometimes had to, but generally
didn't.
--
dave thorn
Would you like green eggs and the fundamental condition of yearning
for meaning in a world devoid of it?
-
To unsubscribe, e-mail: users-unsubscr...@tomc
On Sat, Aug 31, 2019 at 05:13:06AM +, Mark Thomas wrote:
> On August 30, 2019 8:34:02 PM UTC, Dave Thorn wrote:
> >
> >That looks, to me, like the stream is missing the [\r][\n] between the
> >B50 chunk and the 3FC0 count.
> >
> >I'm not clear on where
ate$ResponseEntityResponseExtractor.extractData(RestTemplate.java:709)
at
org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:527)
--
dave thorn
Hi, I'm from the Internet.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Did you reviewed the localhost_access log file. Which web-application is
using tomcat the most ?
On Thu, Aug 8, 2019 at 9:53 AM Eric Robinson
wrote:
> We have a farm of VMs, each running multiple instances of tomcat (up to 80
> instances per server). Everything has been running fine for years, b
or release (say 8.5.40) over the
existing installation of (8.4.32) over an existing Catalina_Home?
Or should I simply bite the bullet, rework my puppet code to deploy the
instances outside of Catalina_Home and wipe C_H before redeploying it
with a newer version?
or release (say 8.5.40) over the
existing installation of (8.4.32) over an existing Catalina_Home?
Or should I simply bite the bullet, rework my puppet code to deploy the
instances outside of Catalina_Home and wipe C_H before redeploying it
with a newer version?
Regards,
Dave
Sent from my iPhone
> On Nov 13, 2018, at 9:36 AM, Christopher Schultz
> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
>> On 11/13/18 10:39, André Warnier (tomcat) wrote:
>>> On 13.11.2018 13:32, Rémy Maucherat wrote:
>>> On Mon, Nov 12, 2018 at 12:49 PM Mark Thom
some kind managing where
requests go. If you do then you should carefully shutdown and restart each
server one at a time.
(I started following this type of approach since Tomcat 3.3 on multiple top
level domains.)
Regards,
Dave
> On Jul 23, 2018, at 9:57 AM, M. Manna wrote:
>
> I am
Hello Team and Tomcat users,
I am trying to gather more information and the effect of parameter
"sessionCacheSize" in server.xml for a ssl connector.
I see this from the documentation "The number of SSL sessions to maintain
in the session cache."
If i do not add this parameter...my tomcat slows do
and Tomcat
does not have permission to replace the old version owned by root.
Without the OP providing configuration details it is difficult to know, but
this is what I have found.
Regards,
Dave
> On Mar 5, 2018, at 1:30 PM, Leon Rosenberg wrote:
>
> Hello,
>
> can you explai
Thanks, that is pretty clear and unambiguous, as is "The name of
the parameter must be jsessionid." When the spec is in conflict with itself,
I'm happy to consider Tomcat the reference implementation.
The reason a session cookie name had to be specified in the first place was
because we initiall
This text is based on a stackoverflow question I posted earlier today:
https://stackoverflow.com/questions/48600576/jsessionid-as-path-parameter-not-working-in-tomcat/48602272
I'm using Tomcat 7.0.84, and my web app uses the Servlet 3.0 deployment
descriptor. The web.xml file contains this:
localhost_access.log continue to work like before.
May I know how and from where to start debugging this?
I have verified logging.properties, there is no issue with it.
Any help will be appreciable.
-Thanks
Dave
On Mon, 2017-10-30 at 09:15 -0400, Christopher Schultz wrote:
> Dave,
>
> Can you please post your and associated elements from
> conf/server.xml -- minus any secrets that may have crept in there?
> Also, what does your network look like? Any intermediates such as
> load
>
ed.
Before I make this post too long and post my server.xml code, could
someone advise me as to what I should be looking for, or what these
messages suggest? Any pointers at this stage would be grateful as I'm
unsure even what a working cluster should look like.
Thanks
Dave
in advance.
-Utkarsh Dave
ssues. Always
worked with the project distros since Tomcat e.
Regards,
Dave
Sent from my iPhone
> On Jun 9, 2017, at 1:55 PM, Tou Vue wrote:
>
> Found out this is working as designed.
>
> You can follow the link to where I answered my own question...
> https://stackoverflow
Actually, it looks like the error I pasted above was actually my embedded
tomcat not being able to find tc-native.
Sorry for the noise, I will respond if/when I run into a different/"real"
problem.
--Dave
On Tue, Jun 6, 2017 at 2:41 PM, Dave Neuman wrote:
> Hey all,
> I was won
don’t have a keystore configured in my
server.xml, so tomcat tries to use the default ~/.keystore which causes
issues at about the time it tries to get the IMPLEMENTED_PROTOCOLS_SET in
OpenSSLUtil. Like I said earlier if I switch to JSSEUtil, things work as
expected.
Any thoughts?
Thanks,
Dave
Hello Violeta,
Thanks for the update. We just picked 7.0.76.
Wanted to know if there is an important fix in 7.0.77 version and can users
face issue if they chose to be on 7.0.76.
Just wanted to know if any particular reason because release time between
76 and 77 is short?
-Dave
On Mon, Apr 3
Hi Chris,
Thanks for the response.
On Fri, Mar 31, 2017 at 10:16 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Utkarsh,
>
> On 3/30/17 3:34 PM, Utkarsh Dave wrote:
> > What makes you say th
r 30, 2017 at 10:43 AM, André Warnier (tomcat)
wrote:
> On 30.03.2017 19:36, Utkarsh Dave wrote:
>
>> Thanks Olaf and Suvendu for the response.
>> We are using 1.2 MB of heap size which is enough and haven't created an
>> issue so far.
>>
>
> I suppose we
Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Utkarsh,
>
> On 3/29/17 7:33 PM, Utkarsh Dave wrote:
> > Hello all,
> >
> > My tomcat (7.0.72) hosts several web aplications in the server
> > (ba
or Tomcat
> process.
>
> As Olaf indicated, you can try to increase heap size and see if the
> problem goes away. But before that, I am curious to see what heap and
> GC settings you are using. Please post that info.
>
> Thanks!
> Suvendu
>
> On Thu, Mar 30, 2017 at 2:01
Hello all,
My tomcat (7.0.72) hosts several web aplications in the server (based in
linux 6.8).
There are many clients or 3rd party applications working as client to my
server (having tomcat and web applications).
There are instances when poorly designed client application can affect
severly to To
Please ignore my previous mail. I got the correct one
https://tomcat.apache.org/security-7.html
On Sun, Nov 27, 2016 at 6:41 PM, Utkarsh Dave
wrote:
> Hi All
>
> This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to
> 9.0.0.M11" on another url htt
Hi All
This vulnerability (CVE-2016-6816) is said to be "Affects: 9.0.0.M1 to
9.0.0.M11" on another url https://tomcat.apache.org/security-9.html.
But in the mail it says Tomcat 7 is also affected.
Does this vulnerability affects version 7.0.72
-Regards
Utkarsh
On Tue, Nov 22, 2016 at 1:42 AM, M
comms - maybe and IIS
connector to Tomcat would accomplish the same ?
As I mentioned before I’m a bit of a novice with the server config.
Dave
> On 4 Oct 2016, at 11:29, André Warnier (tomcat) wrote:
>
> On 04.10.2016 09:53, Garratt, Dave wrote:
>
>>> On 4 Oct 2016, at
.
Dave
> On 4 Oct 2016, at 10:58, Olaf Kock wrote:
>
>
> Am 04.10.2016 um 11:23 schrieb Kreuser, Peter:
>> In my opinion weakening the security of the majority of users (there are
>> seemingly others) is a pretty bad thing to do. My suggestion would be a
>> differen
.
Thanks for the suggestion though.
Dave
> On 4 Oct 2016, at 08:48, André Warnier (tomcat) wrote:
>
> On 04.10.2016 09:38, Garratt, Dave wrote:
>> I have Apache Tomcat 8 working ok with https when I connect to my web page
>> using a recent browser (desktop) or iPhone for
would
be most appreciated.
Many thanks
Dave G
Thanks a lot Chris and Violeta.
On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave
wrote:
> Hi All,
>
> My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
> We have been using BIO connectors.
> 1. I need help to find out how to provide user specified DH parame
Thanks.
By DH I mean "Diffie-Hellman parameters (secure DH-Cipher)".
On Wed, Aug 17, 2016 at 3:31 PM, Violeta Georgieva
wrote:
> Hi,
>
> 2016-08-17 11:29 GMT+03:00 Utkarsh Dave :
> >
> > Hi All,
> >
> > My project is using tomcat 7.0.70, JDK 1.7.0_10
Hi All,
My project is using tomcat 7.0.70, JDK 1.7.0_101 and is based on linux OS
We have been using BIO connectors.
1. I need help to find out how to provide user specified DH parameter to
tomcat.
2. What all ciphers are categorized under modern ciphers ?
Thanks for your time in advance.
-Utkar
karsh
On Fri, May 20, 2016 at 4:51 PM, Mark Thomas wrote:
> On 20/05/2016 12:18, Utkarsh Dave wrote:
> > Hi Mark - Thanks.
> > SSLHonorCipherOrder, cna it be configured on Tomcat ?
>
> There would not have been much point telling you about a configuration
> option you
Thanks Mark.
It appears it is client (3rd party which requests to tomcta) to choose the
cipher while negotiating. We can use SSLHonorCipherOrder
to enforce the server's cipher order.
I guess i got my answer.
-Thanks
Utkarsh Dave
On Fri, May 20, 2016 at 4:51 PM, Mark Thomas wrote:
>
ish.
>
> Mark
>
>
> >
> > JD
> >
> > 2016-05-20 12:50 GMT+02:00 Utkarsh Dave :
> >
> >> Sorry, I missed that information in my earlier mail.
> >> Tomcat - 7.0.69 configured for SSL
> >> Connector - APR
> >> Java - jdk
16-05-20 12:50 GMT+02:00 Utkarsh Dave :
>
> > Sorry, I missed that information in my earlier mail.
> > Tomcat - 7.0.69 configured for SSL
> > Connector - APR
> > Java - jdk1.7.0_101
> >
> >
> > On Fri, May 20, 2016 at 4:10 PM, Mark Thomas wrote:
>
Sorry, I missed that information in my earlier mail.
Tomcat - 7.0.69 configured for SSL
Connector - APR
Java - jdk1.7.0_101
On Fri, May 20, 2016 at 4:10 PM, Mark Thomas wrote:
> On 20/05/2016 11:37, Utkarsh Dave wrote:
> > Hi Users and Tomcat team,
> >
> > Port
Hi Users and Tomcat team,
Port 8443 on my product is configured for Tomcat and accepts inbound
traffic from 3rd parties.
In the TLS handshake, Tomcat chooses TLS_RSA_WITH_AES_256_CBC_SHA over some
of the more secure cipher options offered by the 3rd party. The
3rd party offers a list of 66 cipher
Correcting the text if it is confusing.
"XXX,YYY and ZZZ do not get copied from /usr/local/webapps to
Tomcat/webapps after tomcat upgrade as i do not see above logs. And so i
feel no installation happens. What can be probable reason
On Fri, May 6, 2016 at 11:09 AM, Utkarsh Dave
wrote:
Hi Tomcat users and owners,
I upgraded to tomcat 7.0.69 from 64 and noticed that some of the web
applications do not get deployed.
After verifying i noticed that with tomcat 7.0.64, manager.log file use to
populated with these additional logs where as it is not seen in new Tomcat.
May 05, 2016 6:
Good to know! Thanks George!
From: George Sexton
To: Tomcat Users List
Sent: Tuesday, April 26, 2016 4:06 PM
Subject: OT: Re: Order of attributes significant in zipfileset?
This isn't as bad as the delete task.
If you specify dir and file, it will delete everything in dir, not ju
From: "Caldarale, Charles R"
To: Tomcat Users List ; Dave Glasser
Sent: Tuesday, April 26, 2016 2:32 PM
Subject: RE: Order of attributes significant in zipfileset?
>> From: Dave Glasser [mailto:dglas...@pobox.com]
>> Subject: Order of attributes sig
I discovered this in ant 1.6.5, and found that it still behaves this way in
1.9.7.
If you have a element with both a dir and a file attribute, it
will produce different results depending on the order in which those attributes
appear. If the file attribute appears first, it behaves as you would
Thanks again. That helped and all good with compilation now.
On Wed, Apr 20, 2016 at 12:50 PM, Violeta Georgieva
wrote:
> Hi,
>
> 2016-04-20 10:11 GMT+03:00 Utkarsh Dave :
> >
> > Hi Violeta,
> > I receive a compilation error with new tomcat
> > java.lang.NoClas
error
On Tue, Apr 19, 2016 at 11:47 AM, Utkarsh Dave
wrote:
> Thank You
>
> On Mon, Apr 18, 2016 at 5:45 PM, Violeta Georgieva
> wrote:
>
>> The Apache Tomcat team announces the immediate availability of Apache
>> Tomcat 7.0.69.
>>
>> Apache Tomcat is an ope
Thank You
On Mon, Apr 18, 2016 at 5:45 PM, Violeta Georgieva
wrote:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 7.0.69.
>
> Apache Tomcat is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Expression Language and Java
> We
Hi Tomcat team,
I am looking for below fix
http://svn.apache.org/viewvc?view=revision&revision=1734262
The fix will be available in 7.0.69.
Is there a date for the new release yet...
-Thanks
Utkarsh
HiVioleta,
Our application has a very similar problem after upgrade to tomcat 7.0.67/68
and it seems space in between url attributes was the issue while using
response.sendRedirect.
Currently we have hold off the upgrade until all web application teams find
the affected pages and rectify there code
rstood that why suddenly when everything works fine,
one odd day the UTC time zone starts displaying.
On Tue, Mar 22, 2016 at 8:25 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Utkarsh,
>
> On 3/22/16 2:40 AM, Utkarsh Dave wrote:
> > We are having this weird i
Hi Users and Tomcat team,
We are having this weird issue seen in all the web application pages where
time gets changed to UTC after some days.
As a workaround it works fine until Tomcat is restarted, but after some
days time in UTC is seen again. This is regardless of any time/time zone
configured
SSLv2Hello
handshake started failing in newer versions of tomcat
On Fri, Feb 19, 2016 at 8:56 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Utkarsh,
>
> On 2/19/16 7:05 AM, Utkarsh Dave wrote:
>
I upgraded my tomcat from 7.0.53 ( that was having SSL protocols enable) to
7.0.67 (that has by default SSL protocols disable).
To re enable support for SSLv3 and SSLv2, i modified the server.xml inside
$TOMCAT_HOME/conf to replace sslProtocol="TLS" with
sslEnabledProtocols="SSLv2,SSLv3,TLSv1"
I
You can take the source code for RemoteIPFilter and have it look at the
X-Forwarded-For header.
Even better offer a patch to RemoteIPFilter to allow the header field name to
be configured.
You are not the only one with this use case.
Regards,
Dave
Sent from my iPhone
> On Feb 15, 2016,
You can enable jvm level TLS debug: -Djavax.net.debug=all
See this site for more information:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com | dave.tauz
X
If you want to rename a column:
1. Deploy new version of app that writes data to old column name + new name
2. shutdown old version
3. drop old column
We generally test out our old version of an app running against the new
database schema to make sure this process will work.
-Dave
-Ori
The # character is a special character in URLs to signify a "fragment":
https://en.wikipedia.org/wiki/Fragment_identifier. If you don't want it
treated as such then you do need to escape it.
-Dave
Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.
Thank You Mark
On Wed, Nov 25, 2015 at 4:39 PM, Mark Thomas wrote:
> On 25/11/2015 10:50, Utkarsh Dave wrote:
> > Hello,
> >
> > I need inputs/answers on below points to implement a secure session
> > management application
> > Or if there is there any configura
using session ID to keep authentication state and track user progress
within a web application, the application MUST treat the session ID as
untrusted data,
and sanitize and validate it before use.
Thanks a lot for your time.
Utkarsh Dave
GCs or really long GC times.
The VisualVM tool can call the above utilities and show GC info in a graphical
manner. It might be easy to use depending on the network between your app and
where you run VisualVM.
-Dave
-Original Message-
From: Cohen, Laurence [mailto:lco...@novetta.com
That's pretty neat. Good to know about.
-Dave
Dave Tauzell | Senior Software Engineer | Surescripts
O: 651.855.3042 | www.surescripts.com | dave.tauz...@surescripts.com
Connect with us: Twitter I LinkedIn I Facebook I YouTube
-Original Message-
From: Christopher Schultz [mail
rt in it.
2. If your application does HTTP redirects, then you need to setup the reverse
proxy to re-write those (not an issue, but something you need to configure).
-Dave
-Original Message-
From: Kikkeri, Amith [mailto:amith.kikk...@aig.com]
Sent: Monday, November 16, 2015 9:22 AM
To: To
If you can reproduce this problem in your development environment and you
cannot track down the reason then try out the free version of App Dynamics:
http://www.appdynamics.com/lite/.
-Dave
-Original Message-
From: David E. Filip [mailto:dfi...@colornet.com]
Sent: Monday, November 16
ink you could run on the Tomcat server itself:
http://wiki.apache.org/tomcat/ServletProxy. You won't be able to hide the
port with these however.
-Dave
-Original Message-
From: Kikkeri, Amith [mailto:amith.kikk...@aig.com]
Sent: Monday, November 16, 2015 9:11 AM
To: Tomcat
You are right. I removed our webaps and now I don't see those ports in use. I
will do more digging, though, because when I run using an embedded Jetty
webserver I don't see them.
I'll reply back if I have any more questions.
Thanks,
Dave
-Original Message-
Fro
tening on these ports and if I can disable them?
Thanks,
Dave
This e-mail and any files transmitted with it are confidential, may contain
sensitive information, and are intended solely for the use of the individual or
entity to whom they are addressed. If you have received this e-mail in error,
Hello,
In tomcat 7
I wanted to know if there is a way we can log the number of request
dispatcher threads used/busy/blocked, in log files. Or is there a mechanism
that logs the number of request threads so that user can be warned about
the request dispatcher threads if too many are being in busy st
va
"In production environments there are features of Tomcat that don't pass
security audit reviews"
http://websphere.sys-con.com/node/393364
Encrypting database passwords (in Tomcat)
http://www.jdev.it/encrypting-passwords-in-tomcat/
Regards
Dave Cronin
Dave Cronin | Software Qualit
Thanks a lot Mark.
On Thu, Jul 30, 2015 at 11:50 AM, Mark Thomas wrote:
> On 30/07/2015 07:18, Utkarsh Dave wrote:
> > Hi All,
> >
> > My application has a custom reporting valve in server.xml
> >
> >> errorReportValveClass="com..valves.Cu
Hi All,
My application has a custom reporting valve in server.xml
But when I try to access https:///manager
I get normal error window page of (the tomcat error page is at
/tomcat/webapps/manager/WEB-INF/jsp/403.jsp
"
403 Unauthorized
You are not authorized to view this page. If you have
Hi Mark,
Yes, this is exactly our concern. I was hopping there would be a setting
or option we can configure to disable the creation of these folder / files.
I will check with Lucee folks.
-DaveH
On 5/19/2015 11:28 PM, Mark Thomas wrote:
On 20/05/2015 04:40, Dave H wrote:
I have lucee
I have lucee (coldfusion) and tomcat7 setup on a windows server 2008r2.
I have a wildcard DNS pointing to the server so any subdomain will
forward to main site. for example bob.mydomain.com will forward to
mydomain.com via the wildcard DNS entry.
My question is when I go to the site in this e
Thank you Christ.
On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Utkarsh,
>
> On 2/13/15 12:39 AM, Utkarsh Dave wrote:
> > Need your thoughts and comments on the re
Thanks Chris.
Any other thoughts?
On Fri, Feb 13, 2015 at 10:03 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Utkarsh,
>
> On 2/13/15 12:39 AM, Utkarsh Dave wrote:
> > Need your thoughts a
Hi all,
Need your thoughts and comments on the requirement where we need to
log/capture information when TLS sessions are setup, the logs will be
logged to indicate successful or failed connection establishment or even
connection being disconnected.
RequestDumperFilter is one way but that will
I don t think you will achieve what you want to via disabling SSL protocol
using sslEnabledProtocols.
The vulnerability "I think it is due to vulnerability in ssl 3.0 issue."
will not stop access to the application.
You may want to revert your changes back, and check the firewall settings
or anythi
Thanks for the response.
So would the desired changes in server.xml will be
sslEnabledProtocols="SSL,TLS"
-Thanks
Utkarsh
On Tue, Jan 6, 2015 at 1:47 PM, Mark Thomas wrote:
> On 06/01/2015 07:46, Utkarsh Dave wrote:
> > Hi Team,
> >
> > My project is planning t
Tomcat 7.0.57, is there any similar
configuraion change available, through which we can re enable SSL protocols
again.
Please let me know if my question is not clear.
-Thanks
Utkarsh Dave
oe...@gmail.com> wrote:
> On Sun, Nov 2, 2014 at 10:09 AM, Utkarsh Dave
> wrote:
>
> > Is there any other way to disable SSL in Tomcat 6.
>
> How many ways do you need? The process described in this thread
> works as indicated with 6.0.37.
>
> --
> Hassan Schroeder
1 - 100 of 403 matches
Mail list logo
