gs in new code
In general, older software is better understood and less risky than
new software, and if it meets requirements, is preferable.
Paul Singleton
Note that the value of the useHttpOnly attribute for the element is
false in 6.0.x, but true in 7.0.x. Whether or not the attribute even e
On 15/05/2012 15:08, Christopher Schultz wrote:
On 5/15/12 5:00 AM, André Warnier wrote:
Personal opinion : tags are evil. They create all kinds of
issues when you move the app, or change your server configuration.
There shouldn't be any real reason to use them, if your app is
structured pro
ific HTTPS
app, on the optimistic assumption that no-one these days actually
types e.g.
https://my-secure-app.megacorp.com
just
my-secure-app.megacorp.com
Is this a really cheesy idea? have I missed something obvious?
Paul Singl
servlet spec implementation free to enable startup sequence to be
defined?
Paul Singleton
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Apache httpd + Tomcat?
Paul Singleton
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Bill Barker wrote:
"Paul Singleton" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
If I set
will Tomcat ignore any JSESSIONID cookie which
accompanies a request? Should it?
With any of the released versions, it won't ignore the cookie if the browser
If I set
will Tomcat ignore any JSESSIONID cookie which
accompanies a request? Should it?
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
t you could put
this in conf/web.xml (after )
404
/my_error_404.jsp
then if you call response.sendError(404, "") when your
app decides the request isn't sensible, this page will
be used. I haven't tried this.
Paul Singleton
-
your
app decides the request isn't sensible, this page will
be used. I haven't tried this.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
is_maximum wrote:
Hi experts,
I have a web application configured to be secured by ssl, the problem is at
some pages the browser displays a dialog box as a warning that says, this
page contains both secure and non-secure items do you want to display
non-secure items? and the user has two options
Jeff Hoffmann wrote:
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
Dan Armbrust wrote:
A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...
I would use wget instead of Lynx, but that's just me.
D
ECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Paul Singleton
Jambusters Ltd
tel: 01782 750821
fax: 08707 628609
VAT: 777 3904 85
Company no. 04150146
-
To start a new topic, e-mail: users@tomcat.apache.org
Girish Havaldar wrote:
Hello
are there any text editor built in that assist us in formating input
data, like Subscripting, superscripting, making bold, etc. This editor we
need to embed in our jsp page.
'openWYSIWYG' and 'tinyMCE' are JavaScript
rich text editors embeddable in web pages
incl
a public website accepts you can use a service at serversniff.de,
or download a desktop tool called "SSLDigger" from www.foundstone.com.
Paul Singleton
I tried setting SSLCipherSuite="SOME_CIPHER", to only allow a single cipher but
when a client connects it still uses what
been done? I really want a solution
which continues to behave like startup.bat regardless
of changes to the environment, Tomcat, server.xml etc.
(I won't always be there to sort things out)
Paul Singleton
-
To start a new
olve any software you wouldn't have to use anyway (if
someone discovers a security vulnerability in jsvc tomorrow I shall
be smugly smiling) but realistically there's nothing in it and the
choice is yours...
Paul Singleton
--David
Faheem Mitha wrote:
Hi,
I can now get tomcat to run a
BENTOUHAMI MB Malek (DCL) wrote:
Hi,
I meet a unsolvable problem (for me) :
14:54:27,221 ERROR [PoolTcpEndpoint] Le point de contact [SSL:
ServerSocket[addr=/0.0.0.0,port=0,localport=8443]] a ignoré l'exception:
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No
avai
Caldarale, Charles R wrote:
From: Paul Singleton [mailto:[EMAIL PROTECTED]
Subject: Re: can a web app discover its Service?
I've had a closer look at Tomcat Configuration
Reference, which says you can set per-Server
JNDI variables (GlobalNamingResources), and
per-Context ones, but there
Bob Hall wrote:
--- Paul Singleton <[EMAIL PROTECTED]> wrote:
>> I want to deploy the same war into different
(5.5)
>> Services (e.g. "test" and "live"), and want it
to
>> discover where it is and behave differently.
I didn't explain *why*
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul,
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. "test" and "live"), and want it to
discover where it is and behave differently.
Is there a Tomcat-spe
Mikolaj Rydzewski wrote:
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. "test" and "live"), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come to mind.
ubject: Re: can a web app discover its Service?
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. "test" and "live"), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come
Mikolaj Rydzewski wrote:
Paul Singleton wrote:
I want to deploy the same war into different (5.5)
Services (e.g. "test" and "live"), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
JMX and MBeans come to mind.
I want to deploy the same war into different (5.5)
Services (e.g. "test" and "live"), and want it to
discover where it is and behave differently.
Is there a Tomcat-specific way to do this?
Is there a container-independent way of discovering
container-specific info like t
with alias 'netrequest' before replacing it?
Paul Singleton
For good measure (because I wasn't sure if I had to or not) I also added
them to my Java cacerts file on the pc that I'm going to use to remotely
connect to the Server...
OK, so my first test was to test that the cer
ed to "hand off" an initial
HTTP request to a telnet conversation, which could be tricky
or impossible.
Are you reinventing "HTTP tunneling"?
http://en.wikipedia.org/wiki/HTTP-Tunnel
Paul Singleton
Can you "write a server" inside a servlet ??
PK
At 06:46 2/28/20
er. But it requires
two manual steps: first, reload the webapp; second, access a page in the
webapp.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
UPGRADE.
Otherwise get jsvc to work for you.
Regards,
Steffen
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
ncurrently, you may find it easier and safer overall
to synchronise access to each session and continue to
code your sessions without worrying about concurrent
requests. Your users will never notice. Just don't
serialise *all* requests :-)
But this may not be what William is on about...
.. />
and got this at Tomcat startup:
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base
C:\shared\apps\jakarta-tomcat-5.5.9\webapps\2\CardiffCarshareWelsh2c
does not exist or is not a readable directory
where /webapps2/ was being interpreted as
possible.
That's (part of) my "security posture"...
Paul Singleton
PS if you know how to configure iptables to also
forward internal requests to localhost:8080 please
pass it on!
If this is true, then I say you have a very weak security posture.
Might I suggest you do some ad
-)) is that web apps can't
make requests to themselves at port 80, but have to
use 8080 or whatever.
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
vailable then it is broken,
and if AOL don't set HTTP_X_FORWARDED_FOR then they are
guilty of Bad Practice (only those dodgy anonymising
services have a good reason to do that).
Paul Singleton
* or perhaps HTTP_CLIENT_IP
--
return a link back into the session, but this is
probably good practice anyway, and all cookie-related
problems go away (and testing becomes easier: you can
have many independent sessions in Firefox tabs etc. :-)
Paul Singleton
tores unless you
really have to...
Paul Singleton
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Lambda Probe is a free+easy way to get some
instrumentation
Propes, Barry L wrote:
I'm having some problems this morning with performance. How can I easily
determine if it's servlets, or Tomcat, as opposed to possibly the database
(Oracle) I'm using?
I've not had this problem before.
Barry
y URL rewriting.
First you need to ensure that your servlet/JSP app uses
response.encodeURL()
wherever it returns a URL referring to one of its own pages, e.g.
">me
Then use the
attribute to stop session cookies being sent.
This has pros and cons but that's another topic.
Jorge Isaac Martínez Hatch wrote:
SEVERE: Error starting endpoint
java.net.BindException: Cannot assign requested address: JVM_Bind:443
Probably the port is already in use, perhaps by a task left
over from your previous attempts. Can you reboot and try again?
Or do you have another web serve
7;t match.
If it gets the first cert, then it must be using the first Connector,
which I guess is because, without "address" attributes, both are using
all addresses?
Paul Singleton
Any help on this is welcome, thank you.
Isaac Martínez Hatch
---
me" is set incorrectly in
these preferences.
cheers
Paul Singleton
Asad Habib wrote:
Hello. I am experiencing a problem trying to start Tomcat from Eclipse
using the Sysdeo Plugin.
The error I get is as follows:
Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/catal
Mark Thomas wrote:
Paul Singleton wrote:
(I am required to anonymiee a Tomcat 5.5 server from hackers
trying to discover its version etc.)
If I put this in conf/web.xml
404
/anon_error.jsp
*and* put an anon_error.jsp in every web app, then I can
replace the built-in error page.
But
when a
(page within a) nonexistent context is requested?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.375 / Virus Database: 268.0.0/268 - Release Date: 23/Feb/2006
-
To
deploy)
* set docBase in Context to an absolute path to your app
regards
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.13.10/189 - Release Date: 30/Nov/2005
---
David Wall wrote:
...if the user accesses your site with
http://, the port 80 Connector (or 8080 if testing or using a
non-standard port) has a "redirectPort" element that causes Tomcat to
automatically issue a redirect using https://
Are you sure? I thought redirectPort was only u
pages as out
of date, and recompile them as they are encountered?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.13.7/182 - Release Date: 24/Nov/2005
I only use Tomcat standalone, and have no hunches about
your particular problem, but sometimes IE hides the
sordid details of error msgs and I find that Firefox
gives them to you straight; also there's a LiveHTTPHeaders
plugin which can be useful when troubleshooting?
good luck :-/
oyment on startup from explicit
contexts while suppressing implicit deployment from the appBase?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.12.8/162 - Release Date: 5/Nov/2005
e.jsp
and what error codes must I do this for? Is there a
compact way of specifying *all* codes?
Is it a bad idea to define a page for java.lang.Throwable?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.362 / Virus Database: 267.12.
r; if you construct SQL
queries from text supplied by the user, they may be
able to "inject" commands to do things you don't want
them to be able to do
RTFM for various techniques for authorizing users
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG
rw-rw-r-- 1 tomcat tomcat 439 Oct 2 20:01 tomcat-users.xml
Since it contains a plaintext password this is a security
risk.
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.4/143 - Release Date: 19/Oct
precompile"; // can be "jsp_precompile=true"
};
};
int ok = compileAllJsps(pageContext, out, req, response, "/", false);
%>
<%= ok %> JSPs (now) appear to be compiled
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG
d share their collections of
issued session ids via a database
I guess this isn't Tomcat-specific: the (next?) API could
do a little more to help you in these circumstances?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Data
to a Lifecycle listener
or whatever so that it runs as soon as an app is
started?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.1/136 - Release Date: 15/Oct
very large
value, will the pages be checked straightaway (then
not for ages) or just not for ages?
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.12.1/136 - Release Date: 15/Oct
54 matches
Mail list logo
