I'm really sorry to post birthday-congrats into this list, however:
One of the dinosaurs and most helpful souls of this list is enjoying
his birthday today, if I'm not mistaken.
Therefore, Chuck, all the best and have a great day!
Besides, thanks again for all the help you've provided to this li
Hi Chris,
first, thanks for your answer, I really do apprecciate it!
On Thu, Apr 28, 2011 at 5:00 PM, Christopher Schultz
wrote:
>
> Gregor could cheat and write a session-data-fetch servlet in the "main"
> webapp and call it from the ancillary webapp. Just use URL-based session
> ids when you c
Hi there,
somehow I'm stuck here:
We do have a pre-packaged Tomcat 6 which contains our new CMS, running
on Gentoo Linux.
The ROOT-app contains the aboved mentioned CMS.
Now I do have to integrate some legacy servlets residing each in it's
own Context, and for aurthorization-issues I have to ac
Mladen,
On Thu, Dec 2, 2010 at 12:37 PM, Mladen Turk wrote:
> On 12/02/2010 12:05 PM, Gregor Schneider wrote:
>
> If your developers need to see the stdout of the Tomcat
> on the production server then you have a serious problem.
> The first one that I find (well funny) is that
Chris,
On Wed, Dec 1, 2010 at 10:10 PM, Christopher Schultz
wrote:
>
> I agree with Mladen: MySQL doesn't actually need root privileges for
> anything at all, so this is a good description of your desires, but not
> a really great example.
>
Tomcat doesn't root-privileges either in our situation
Hi André,
long time no see ;)
On Wed, Dec 1, 2010 at 12:20 PM, André Warnier wrote:
>
> As far as I know, these startup scripts are created by the packagers of
> Debian, RedHat etc.. when they wrap Tomcat in a platform-specific package.
> /They/ are the ones who decide how they call up jsvc, whe
Christopher,
On Tue, Nov 30, 2010 at 10:33 PM, Christopher Schultz
wrote:
>
> Apache httpd acts this way:
>
Sure, since Apache is usually started within root-context ("sbin") -
so that does make sense.
When talking about servers, I'm not talking about a webserver but a
server such as Debian, Red
Konstantin,
On Tue, Nov 30, 2010 at 9:42 PM, Konstantin Kolinko
wrote:
>
> The above one is tomcat-native, aka Tomcat-Apr,
> a library that provides code for Http11AprProtocol and AjpAprProtocol
> connectors.
>
> This one is commons-daemon, which gives you jsvc.
>
> http://commons.apache.org/daem
Mladen,
Believe it or not, this is intentional and correct behavior.
Almost any server behaves like that.
thanks for sharing your views on this one, which I, however, do not share at
all
besides, no server behaves like you're stating:
if an application is started in a non-root-context and prod
Hi guys,
we had some issues due to a memory-leak here and used this opportunity
to upgrade our Tomcat from 5.5.20 to 5.5.31.
Here's our current environment:
tom...@www2:~/local/tomcat55/bin$ ./version.sh
Using CATALINA_BASE: /home/tomcat/local/tomcat55
Using CATALINA_HOME: /home/tomcat/local
2010/6/18 Mikolaj Rydzewski :
> Luca Gervasi wrote:
>>
>> i can read my /etc/passwd from a malicious jsp.
>> Where can i find infos on limiting filesystem access / visibility ?
>>
>
1st thing to do:
run tomcat as user "tomcat" (or whatever username u like) with
limited rights - that should at le
Pid,
I believe the problem here is that Fiona tried to use
File=$\{logs\}/stdout.log
However, this will only work if an environment-variable "logs" is
defined - which is IMHO no default configuration.
Cheers
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp:
is the environment-variable $logs specified?
rgds
gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
-
Have a look at www.jahia.org.
It's a really powerful java based CMS, setup procedure is a walk in
the park. Beside the EE-version ($$$) there's a community-edition for
free, having most of the features of the EE edition. They have a big
community, so support's also there.
Cheers
Gregor
--
just
Sorry if I drop in here getting a bit off-topic, howver:
On Mon, May 17, 2010 at 1:54 PM, Pid wrote:
> On 17/05/2010 12:36, Stephen . wrote:
>
> HTTPD can handle authentication, or Tomcat can, but not both at the same
> AFAIK. The AJP Connector will need it's 'tomcatAuthentication'
> attribute
On Wed, May 12, 2010 at 7:21 PM, o-rabbit wrote:
>
> I am glad everyone does not think like you do!
>
FYI:
André is well know to this group as one of the persons trying their
very best to help anybody having problems regarding Tomcat.
If you didn't receive any answer helping you out of your mise
On Wed, May 12, 2010 at 3:51 PM, o-rabbit wrote:
>
> Is there something more I need to do??
>
yes: read the clustering-how-to:
http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html
rgds
gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA52680702679
On Tue, May 11, 2010 at 10:28 AM, Gregers Blach wrote:
> Hi all,
>
>
> 1. No one recommends running PHP on Tomcat. Instead running httpd is
> recommended.
>
right
>
> 2. No one is able to provide me with a guide for setting up Tomcat to run
> PHP. I guess this must be because no one does this...
On Tue, May 11, 2010 at 7:53 AM, Gregers Blach wrote:
>
> PHPMyAdmin would be a very nice add-on in order to better support MySQL
> databases.
>
...and likely to dig a few security wholes...
if you really, really want to go for php, esp. PHPMyAdmin, be sure to
configure it to listen on localhost
No idea if it has to do with your problem, but
On Mon, May 10, 2010 at 2:21 AM, red phoenix wrote:
> Info: validateJarFile(Q:\Tomcat\webapps\MyApp\WEB-INF\lib\servlet-api.jar) -
> jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class:
> javax/servlet/Servlet.class
get rid of t
Provided your logfiles are rolling daily:
echo Number of errors i file: `grep "ERROR" [logfilename here] | wget -l`
as a start.
Seriously:
Analyze your requirements and have somebody write a small script which
you put into your crontab. Said script can be a simple one or as
complex as you like
On Fri, May 7, 2010 at 9:11 PM, Yucca Nel wrote:
> modify serve.xml but how will I do this in production?
load server.xml into any editor of your choice, change it, restart
tomcat, that's about it
> loads od support
what's that supposed to be?
rgds
gregor
--
just because you're paranoid, don
Marc,
what gives if you call http://192.168.0.6:8080?
Rgds
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
---
Could you please come back on that issue next week?
My crystal ball is just out for maintenance, and without it I'm not
able to read your logs containing the error-message...
Rgds
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE
Just a shot from the hip:
When you run TC from the comand-line, I figure you're using
startup.bat, right? So, maybe there are some env-variables set in this
script (or catalina.bat, classpath.bat), which are not set when
running tomcat.exe as a service?
Forget my comments in case you're running t
Karthik,
*If* any OutOfMemoryError occurs within Tomcat, the reason for said
error will be some faulty webapp, meaning it is likely to crash any
other servlet-container, too.
Therefore, stick to the rules I pointed out above, and you'll be fine:
> Make sure you have some solutions ready in case
Karthik,
AFAIK there is no study telling the likeliness of any web- /
application-server to crash.
If there wer such a study, you'd have to specify a 'lot' of possible
crash-scenarioes - startung at misbehaviour of admins, ddos, bad
webapps etc.
Make sure you have some solutions ready in case of
On Tue, Apr 20, 2010 at 3:00 PM, Shinan Kassam wrote:
>
> I currently have custom authentication working using JDBCRealm. Hence, I
> have some database parameters in server.xml as well as my application. Is it
> possible to use a portion of the URL as a parameter to connect to a
> different databa
On Tue, Apr 20, 2010 at 12:54 PM, banto wrote:
>
> Hi,
>
> i know this can be a silly question but i have the following issue:
>
> i want to call my web app with a standard URL as http://host:port/myString
>
how does the url look like when you call your webb-app currently?
how would you like the
On Tue, Apr 13, 2010 at 7:46 PM, Jon Brisbin
wrote:
> We use automatic restarts on OutOfMemory errors and it works fantastically. I
> don't do it the way described here, though. I use the JVM's
> -XX:OnOutOfMemoryError option. I add the following to CATALINA_OPTS:
>
> -XX:OnOutOfMemoryError=/usr
Don't know if you guys are aware of it, but the above mentioned system
have been compromised.
According to their blog
(https://blogs.apache.org/infra/entry/apache_org_04_09_2010), the ASF
infrastructure-team recommends to change your passwords for said
systems.
Rgds
Gregor
--
just because you'r
You can telnet port 80 without any problems? Well, that means there's
some application running using port 80, otherwise you wouldn't be able
to telnet on port 80.
What gives "netstat -a"?
Rgds
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA5268070267
What do you wnat to test specifically? JSPs? Servlets? or just some
common Java classes being used by a Servlet / JSP?
Rgds
Gregor
--
just because you're paranoid, don't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de
Hi Mark,
On Thu, Apr 8, 2010 at 1:48 PM, Mark Thomas wrote:
> On 08/04/2010 12:12, Gregor Schneider wrote:
>> Anybody has an idea what I might be missing here?
>
> That Java Heap Space + Perm Gen Space < OS process Space
>
> You are missing the memory used for:
> - na
Hi there,
we do observer a strange behaviour of memory-consuption when running
Tomcat within native mode (via jsvc).
First, our configuration:
Using CATALINA_BASE: /srv/someServer/catalina_base
Using CATALINA_HOME: /srv/someServer/catalina_base
Using CATALINA_TMPDIR: /srv/someServer/catalina
did you set the environment-variable LD_LIBRARY_PATH?
cheers
gregor
---
just because you're paranoid doesn't mean they're not after you...
Am 19.03.2010 um 18:43 schrieb blargy :
>
> I was able to build and install APR (from the Tomcat bin dir) into
> /usr/local/apr/lib and I added the followin
ah. come on, chuck, why's that everyone is picking on my nick? *sic*
i'm reading and posting from my mobile, which is why i may have not
seen andre's post
cheers
gregor
---
just because you're paranoid doesn't mean they're not after you...
Am 19.03.2010 um 18:16 schrieb "Caldarale, Charles R"
:
Correct me if I'm wrong, but afaik ICD-10 is nothing but a code
describing the hierarchy-structure of disorders like asthma, hayfever,
cancer etc issued by the WHO.
I do not see how Tomcat or any other web- / application-server should
support such a standard: It's the application (here: servlet or
I'm a bit puzzled:
In your previous tests it looked like that Apache is "outperforming"
(ok, not really) Coyote w APR when the files grew bigger.
In your last results I can't see that pattern - actually, I don't see
/any/ pattern...
Any idea how come?
Cheers
Gregor
--
just because your parano
hm, there are only two possible scenarioes I can think of:
- either the key-combination is somehow intercepted in the
swing-app I was using (actually pretty unlikely)
- german keyboard might interfere
but only with 1.6?
strrange...
cheers
gregor
--
just because your paranoid, doesn't m
Hi Chuck,
is he running TC as a service? I couldn't find any information on that
in the post - otoh, as Rainer pointed out, my eysight seems not to be
the best...
Just tested it with a sample Java-Swing-Application:
- getting a thread-dump with on JDK 1.5, don't get it
with JDK 1.6 - hm, strang
Thread-Dump on Windows:
If I'm not mistaken, the key-combination should do the
trick on /most/ JVMs
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://p
Hi Rainer,
On Mon, May 18, 2009 at 9:35 PM, Rainer Jung wrote:
>
> The error means: you told mod_jk to use it, but you forgot to define it.
>
>> All vhost-definitions within Apache are alike when it comes to the
>> jk-specs, thus I'm just posting a sample vhost-definition:
>>
>>
>> [ ...]
>
Hi guys,
I'm about to update an old Tomcat-instance (5.5.quite_old) to the
latest 5.5, also I'm about to update an outdated mod_jk to the latest
version.
The old config of mod_jk had quite some depricated directions
included, so I changed them (opefully) according to the doc I found
here:http://t
hi guys,
i'm wondering where - except from the source - i could find the
information of what the log-format-parameters actually mean.
example:
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
that's the default format-string, however, in the docs
(http://tomcat.apache.org/connectors-doc/reference/prin
Pid,
On Thu, May 7, 2009 at 2:01 PM, Pid wrote:
> Alternative:
>
> I don't have this to hand anymore since the original site was changed
> and I'm not the dev for it anymore, but we put a frame-busting
> javascript on the login page instead, it loaded our preferred start URL
> instead of just bus
Chris,
On Thu, May 7, 2009 at 4:07 AM, Christopher Schultz
wrote:
>
> A few questions:
>
Chris, maybe you'll get the hang of this Valve if I explain the
business-requirement I had:
My primary target was to cirumvent the problem having a framed
web-app, where some content is requested after the s
I've suggested a patch to issues.apache.org which might be helpful if
Sid wants to implement his own Valve.
My patch is a new valve, which diverts the call to a pre-defined URL
if j_security_check is called (I had to circumvent the fact that after
j_security_check Tomcat is always forwarding to th
Whish I could have made it to London, however, since I'm packed here
like never b4 and - most important - my wife is due with our first kid
within the next couple of weeks, I earned a few vetoes :(
And concerning why it's quiet on the list:
In most European countries today is labour-day meaning a
Thing is, that we have multiple boxes (Debian) running with multiple
hosters, so every layout of those boxes is different (i.e. one has
Tomcat in /var/lib, the other one in /usr/local, next one in
/home/apps/tomcat).
Since *some* of our servlets (i.e. our own SSO-mechanism) are runnung
in all boxe
Hi guys,
I know it's not a real Tomcat-topic, however, it's close to and I'm
wondering if anyone on this list might come up with some kind of a
smart solution.
Most of you may know the typical first lines of any log4j.xml-config-file:
So far, so bad.
Why bad?
Because every bloody servlet ne
On Sun, Apr 19, 2009 at 9:43 PM, Caldarale, Charles R
wrote:
>
> How about pointless? Somewhat akin to debating the number of angels that can
> dance on the head of a pin.
>
Why pointless? The answer is obvious: 42
scnr...
Gregor
--
just because your paranoid, doesn't mean they're not after y
Hi Mark,
On Thu, Apr 16, 2009 at 12:44 PM, Mark Thomas wrote:
>
> The conference organisers took copies of our slides and promised us they
> would upload them for us. Oh well. I uploaded mine myself. I'll see if
> Filip can do the same.
>
well, on some talks the guys having the chair made sure t
Hi André,
On Thu, Apr 16, 2009 at 1:15 PM, André Warnier wrote:
> Mark Thomas wrote:
> [...]
> How about a session like :
>
> "Everything you always wanted to know about connecting Apache httpd and
> Tomcat, but never dared to ask"
>
yepp, and Woody Allen as the presenter ;)
If you can't get Wo
Hi Mark,
- I think an overview of thenew features of Tomcat 7 would be great
- Fillip did a talk about the new Servlet Specs 3.0
- Concerning how often questions regarding mod_jk are showing up in
the list: mod_jk - HowTo / Best practices
- I very much liked the talk "becoming a tomcat superuse
How about
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
skype:rc46fi
--
On Thu, Apr 2, 2009 at 7:30 PM, Dan Armbrust
wrote:
>
> What would be doing this? Something in my app is preventing this
> severe error from being passed up to tomcat to be logged - but then my
> app doesn't log it either - probably because it is stopped before it
> ever finishes deploying.
Your
On Thu, Apr 2, 2009 at 7:30 PM, Je suis la poubelle wrote:
> On Fri, Mar 27, 2009 at 5:34 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>
> Setting charset/encoding is to specify computerized information. It's
> not just a matter of language. If setting charset in META tag d
On Thu, Apr 2, 2009 at 3:37 PM, Taylan Develioglu
wrote:
>
> I think a seperate overview of attributes per connector would be clearer.
>
+1
Somebody got some time to change it in the TC trunk and cis able to
reate a bugzilla-RFE with a patch?
Any volunteers welcome ;)
Rgds
Gregor
--
just beca
If you haven't specified a console-logger:
catalina.out
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
@ http://pgpkeys.pca.dfn.de:11371
@ http://pgp.mit.edu:11371/
--
Martin,
On Wed, Apr 1, 2009 at 6:53 PM, Martin Gainty wrote:
>
> Gregor
>
> can you elucidate any documented security holes in Apache HTTPD?
>
Most of them are fixed, but it proofs that there are quite some, and I
bet there will be some full disclosure in future.
For a start:
http://www.google
Peter,
On Wed, Apr 1, 2009 at 4:58 PM, Peter Crowther
wrote:
> And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has
> fewer vulnerabilities than just Tomcat.
>
> I'd also be very interested to see the evidence (either way) on that.
>
See, I believe in the statement that the
Hi André,
On Wed, Apr 1, 2009 at 4:52 PM, André Warnier wrote:
> Gregor Schneider wrote:
>>
>> Unfortunately my apps are working like charm, so I ain't got an
>> example to cpy and post here... *cough*
>>
> Angeber.
>
Promise to conserve my next
On Wed, Apr 1, 2009 at 4:22 PM, Peter Crowther
wrote:
>
> And, indeed, that Apache + mod_security + mod_jk + Tomcat has fewer
> vulnerabilities than just Tomcat.
>
Since I'm interested on hard data, too, hand over the facts, please.
It's just that I'm curious...
Rgds
Gregor
--
just because y
On Wed, Apr 1, 2009 at 12:07 PM, Mighty Tornado
wrote:
> Where can I obtain it?
You wrote before:
> I get the following exception in the log when I start the server up:
>
> ==> localhost.2009-03-03.log <==
>at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:2
On Tue, Mar 31, 2009 at 5:19 PM, Caldarale, Charles R
wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Profiling tomcat applications with -Xrunhprof (Tomcat runs
>> asa Windows Service)
>>
>> Are you trying to get profiling data, or are you trying
>> to get
Wesley,
if Germany is an option, I'd have 2 recommendations for you:
One lowcost (starting at @ €40-something) and one premium-hoster
(starting @ around € 250 per box).
Prices are per month, and it's
We're using both of them for our company and we're highly satisfied.
Drop me a line if you wan
Chris,
my experience with those scanners (slowest on top):
- Symantec (Norton)
- Kaspersky
- McAffee
However, those "experiences" are based on workstations only.
I do know that at least some of those scanners do have different
enterprise soltutions.
However, I guess "experiences" may vary, so
On Tue, Mar 31, 2009 at 10:56 AM, Rainer Frey (Inxmail GmbH)
wrote:
>
> Then, is this intended behavior, or a bug?
>
> Rainer
>
Making a long story short:
It's expected behaviour.
>From the Tomcat 6 documentation
(http://tomcat.apache.org/tomcat-6.0-doc/deployer-howto.html):
=== [ snip ] =
Chuck,
On Mon, Mar 30, 2009 at 8:52 PM, Caldarale, Charles R
wrote:
>
> Perhaps, but then why would the OP be concerned about losing session
> information when updating with Eclipse, if this were only for
> test/development?
>
Maybe the he's too lazy to login every time? Who knows...
>> So ca
Jon,
On Mon, Mar 30, 2009 at 8:45 PM, wrote:
>
> There is no native JDBC driver for Navision, so I have to use the ODBC
> version.
>
ODBC is usually already a show-stopper on Java
> I think I may have found the problem, but I do not know how to fix it. All
> of our systems (including the produ
Chuck,
actually Nirvana is a pretty good place but for serialized /
de-serialized sessions ;)
Anyway:
On Mon, Mar 30, 2009 at 8:38 PM, Caldarale, Charles R
wrote:
>
> Are you saying you run a production Tomcat under Eclipse? That's insane.
>
I'm understanding this scenario in such a way that
Sergio,
please do the following:
- remove (rename) your catalina.out and try to start Tomcat with
/etc/init.d/tomcat5 start (or whatever name your startup-script has)
After that, the log-file should hopefully be a bit shorter.
I'm a bit puzzled since your having quote /some/ errors in the
previ
Wes,
On Mon, Mar 30, 2009 at 7:23 PM, Wesley Acheson
wrote:
>
> It was because of the SSL stuff I haven't learnt how to set up SSL with
> tomcat.
>
I'm curious: What's the benefit having Tomcat run in SSL-mode for
Servlet / JDP-development?
> Okay but as far as I know when you make any trivial
On Mon, Mar 30, 2009 at 6:35 PM, Yassine wrote:
> if i were you i would use only eclipse + tomcat for my development and
> when ever i want to
> test some Apache related configurations i will then do the
> configurations manually.
>
> afaik there is nothing (plug in) that takes care of Apache web
Since you're not using an original Tomcat-download but a pre-packaged version:
- Did you do an "emerge" recently?
- What gives "netstat -lnp"?
- What's the Centos-package-maintainer's oppinion on that?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 7
Brandon,
please reply to the list so that other ppl also benefit from this.
On Sun, Mar 29, 2009 at 3:22 PM, wrote:
>
> Thanks for the quick reply! After using the approach you mentioned, I would
> then use the RequestDispatcher to complete the forward to the new context.
> Correct?
>
Haven'
Brandon,
within the Context-definition of the COntext *from* where you want to
forward, you'll have to specify
Forwarding works like this:
ServletContext otherContext = servletContext.getContext("/othercontext");
// The context may be null if the application server does not permit
cross-cont
Martin,
I believe the OP doesn't know what an .so-file is.
I'm also not sure if there's something like "execute-privileges" in Windows.
Besides, he's talking about Tomcat 6, and I can't find anything like a
"shared"-folder in Tomcat 6.
My knowledge about all this library-stuff on MS Windows (bt
Mea culpa, Chuck, you're right...
On Fri, Mar 27, 2009 at 3:21 PM, Caldarale, Charles R
wrote:
>
> A week in Amsterdam, and... How much have you guys been drinking? :-)
>
erm... actually I wasn't drinking :)
so let's just wait for the logs
Cheers
Gregor
--
just because your paranoid, doesn'
1st: I Agree to Yassine that it would be helpful if you could provide some logs.
2nd: If I'm not mistaken, you're using the Tomcat5-syntax which has
changed since Tomcat 6.
Have l look here: http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html
I.e., the username-attribute becomes connection
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/win64/
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
Pieter,
I'll be there starting on Tuesday Hackaton (actually will be arriving
sometime on Monday) and stay until Friday.
Btw., I found this site quite helpful:
http://aceu2009.crowdvine.com/
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA52680
Martin,
On Sat, Mar 21, 2009 at 9:50 PM, Martin Gainty wrote:
>
> test driven means if I create a component as a developer I need to install a
> JUnit testcase that will test the requisite function
>
Actually there's a bit more behind it.
Usually, you start to design an application starting wit
On Sat, Mar 21, 2009 at 1:06 AM, Richard Langly
wrote:
> If you mean that there are no modifications to the original request or even
> the response, then yes. It's to be a transparent proxy.
>
So why do you try do build your own proxy?
I've a similar setup using TinyProxy - that's just perfect.
Just ask them to google for security-issues linked to PHP and issues
linked to any servlet-container (aka Tomcat).
If they want it more specific, ask them to read through some relevant
mailing-list-archives such as full-disclosure.
OK, that's not about performance, but we f.e. do not use PHP due
Peter,
On Fri, Mar 20, 2009 at 2:05 PM, i_am_superman wrote:
> I just don't
> understand it; how do hosting companies host 2 sites on one box with a
> certificate each? That'll be a lot of IP address juggling..
>
Well, we f.e. do have a box 8ok, actually two boxes behind a
loadbalancer), eac
On Fri, Mar 20, 2009 at 12:36 PM, André Warnier wrote:
>
> Considering the amount of taxpayer money that governments are currently
> pumping into failed financial institutions and car makers, I'm sure they
> could afford a 400 € certificate, no ?
> Or is it that bad ?
>
+1
Cheers
Gregor
--
just
On Fri, Mar 20, 2009 at 12:10 PM, i_am_superman wrote:
>
>> If anyone else has another idea, please respond.
How about a self-seigned cert?
A nasty browser-window will pop up once, however, the users could
import the server-cert into their browser, and then they#re done
Rgds
Gregor
--
just be
Richard:
Are you looking for a transparent proxy? I.e., circumvent some censorship?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
--
On Thu, Mar 19, 2009 at 5:23 PM, Agent96
wrote:
>
> Thanks...I just came to the same conclusion too.
>
> URI uri = MyClass.class.getResource("/resources/xsd/Message.xsd").toURI()
> which resolves to myWebApp/WEB-INF/classes/resources/xsd/Message.xsd
>
That's not recommended.
Instead of using
André,
On Wed, Mar 18, 2009 at 7:37 PM, André Warnier wrote:
> Nope, just that after people keep throwing mysterious acronyms at me, and
> several of them start to use the same ones, I get curious.
Since I believe one of those "people" was me, I hope throwing stuff at
you didn't hurt too much :
This is not a Tomcat-related question but a question relating to
Servlets in general.
http://edocs.bea.com/wls/docs61/webapp/web_xml.html#1017571
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available
On Wed, Mar 18, 2009 at 3:47 PM, Christopher Schultz
wrote:
>
> Wireshark does full TCP capture but also "understands" protocols, so it
> will show you only the HTTP details for a particular packet, etc.
>
But will this help to find out the characterset of encoded string in
an RMI-object?
If I un
André,
two questions:
what type of conenction is the servlet using? Is it RMI, Socket, something else?
If you're not happy with Wireshark, there might be an approach which
takes a bit more effort but might work in case the Java-classes are
not obfuscated:
Talking RMI:
- try to decompile the Ja
So how should we help you then without knowing your application?
Remeber: This is a Tomcat-mailinglist. However, since some guys here
do have quite some Struts-know, maybe you're lucky if providing
sufficiant information...
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not aft
Since Struts is very well tested on Tomcat (btw: which versions are
you running?), I wouldn't believe this being a Tomcat / Struts-problem
but a problem of your app.
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
If found this one:
http://www.w3.org/TR/html401/interact/forms.html#adef-accept-charset
Actually, to me it's not clear why Tomcat should believe the input
being encoded in ISO8859-1, when one can give a detailled information
how the form-data is encoded.
If I understand it correctly, one can eve
On Mon, Mar 16, 2009 at 3:10 PM, Mikolaj Rydzewski wrote:
>
> It doesn't work for me. By default Tomcat uses ISO-8859-1 encoding. And it
> will try this encoding to parse input parameters.
>
That's true, I'm doing the same here for German Umlaute, however:
One link in the Wiki is pointing to HTT
- take a look into your server.xml-file:
somewhere you shoudl find the -element:
just add the attribute "appBase" in there and you're set.
however, since you're running a pre-packed Tomcat, I don't know where
centOS is storing the Tomcat-config-files - will be your part to find
that out.
furthe
1 - 100 of 498 matches
Mail list logo
