>From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>Subject: Re: WEB-INF
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Leo,
>
>I'll chime in. :)
>
>On 9/10/2010 10:13 AM, Leo Donahue - PLANDEVX wrote:
>> I've read that you c
>From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>Subject: RE: WEB-INF
>
>> I want to understand why it is a good practice to place
>> them in WEB-INF
>
>To avoid uncontrolled access to your code. For example, if the
>resources were in a client-acces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leo,
I'll chime in. :)
On 9/10/2010 10:13 AM, Leo Donahue - PLANDEVX wrote:
> I've read that you can secure direct access to a JSP by placing it in
> the WEB-INF directory. I know you can also secure direct access to a
> JSP by creating a security c
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Subject: RE: WEB-INF
> I want to understand why it is a good practice to place
> them in WEB-INF
To avoid uncontrolled access to your code. For example, if the resources were
in a client-accessible area, the resource
> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: RE: WEB-INF
> This one?
> http://jcp.org/aboutJava/communityprocess/final/jsr315/index.html
That's the primary one for Tomcat 7. Unfortunately, I think the 3.0 spec took
a step backwards in readab
>From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
>Subject: Re: WEB-INF
>
>Leo judging from the answers you've got. I think it may be better to
>state what you want to achieve. I'm not clear if you want to prevent
>access or allow access at the moment. Especially
>From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>Subject: RE: WEB-INF
>
>
>> I'm trying to understand why there are so many of these kinds of
>questions.
>
>I think mostly because people often do not read the actual specs.
>
> - Chuck
From: "Caldarale, Charles R"
>
> To: "Tomcat Users List"
> Sent: Friday, September 10, 2010 10:32 AM
> Subject: RE: WEB-INF
>
>
>> From: michel [mailto:compu...@videotron.ca]
>> Subject: Re: WEB-INF
>
>> You get direct access to an
> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: RE: WEB-INF
> I'm trying to understand why there are so many of these kinds of questions.
I think mostly because people often do not read the actual specs.
- Chuck
THIS COMMUNICATION MAY CONTAIN CO
> From: michel [mailto:compu...@videotron.ca]
> Subject: Re: WEB-INF
> do you mean things like URL rewrites and such are
> ignored if you puta JSP in WEB-INF?
Redirects to anything in WEB-INF will fail, since the redirect is actually
issued by the client. A forward to somethin
- Original Message -
From: "Caldarale, Charles R"
To: "Tomcat Users List"
Sent: Friday, September 10, 2010 10:32 AM
Subject: RE: WEB-INF
From: michel [mailto:compu...@videotron.ca]
Subject: Re: WEB-INF
You get direct access to any JSP if you specify the URL
>From: michel [mailto:compu...@videotron.ca]
>Subject: Re: WEB-INF
>
>
>- Original Message -
>From: "Leo Donahue - PLANDEVX"
>To: "'Tomcat Users List'"
>Sent: Friday, September 10, 2010 10:13 AM
>Subject: WEB-INF
>
>
>I&#
> From: michel [mailto:compu...@videotron.ca]
> Subject: Re: WEB-INF
> You get direct access to any JSP if you specify the URL.
Not true. There is no direct client access to anything under WEB-INF.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
>Subject: RE: WEB-INF
>
>> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
>> Subject: WEB-INF
>
>
>> Is there a difference between securing the URL and
>> securing the &
- Original Message -
From: "Leo Donahue - PLANDEVX"
To: "'Tomcat Users List'"
Sent: Friday, September 10, 2010 10:13 AM
Subject: WEB-INF
I've read that you can secure direct access to a JSP by placing it in the
WEB-INF directory. I know you can also secure direct access to a JSP b
> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
> Subject: WEB-INF
> I've read that you can secure direct access to a JSP
> by placing it in the WEB-INF directory.
That's an appropriate thing to do, not just for JSPs.
> I know you can also secure direct access to a JSP by
> From: Mudit Garg [mailto:maxmu...@gmail.com]
> Subject: Re: /WEB-INF/lib
>
> You could set an explicit classpath in tomcat startup script like:
Don't ever, ever, ever set CLASSPATH for Tomcat; you will confound the
classloader design and end up with all sorts of ClassNotFou
Hi,
You could set an explicit classpath in tomcat startup script like:
for el in $db_drivers_home/*.jar; do
CLASSPATH=$el:$CLASSPATH
done
export CLASSPATH
These jars would then be in classpath for all applications though
Regards
Mudit
On Fri, Feb 27, 2009 at
Mikolaj Rydzewski wrote:
André Warnier wrote:
chown root/root /bin/ps
chmod 700 /bin/ps
User can build his own ps binary.
Security by obscurity is not a good way to go.
I was just kidding. ;-)
I'd still like to make it work though.
It looks like such a nice way to solve the problem, apart f
André Warnier wrote:
chown root/root /bin/ps
chmod 700 /bin/ps
User can build his own ps binary.
Security by obscurity is not a good way to go.
--
Mikolaj Rydzewski
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.
Mikolaj Rydzewski wrote:
André Warnier wrote:
start)
su - tomcatuser -c "/var/lib/jvm/java $CONFIDENTIAL_SETTINGS -jar
"
All of your 'confidential settings' will be visible to all users with
one command:
ps aux
Ooops.
chown root/root /bin/ps
chmod 700 /bin/ps
Damn! it sounded so
How about md5sum?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To unsubscribe, e-mail:
André Warnier wrote:
start)
su - tomcatuser -c "/var/lib/jvm/java $CONFIDENTIAL_SETTINGS -jar
"
All of your 'confidential settings' will be visible to all users with
one command:
ps aux
There're ways to restrict such listing to only your processes. But
anyway, command line arguments
Bill Barker wrote:
This is totally Tomcat specific, so won't necessarily port if you decide to
change containers (but without looking probably still works for GlassFish
and JBoss). Tomcat does Ant style variable replacement when parsing web.xml
(both the one in conf and the one in WEB-INF).
André Warnier wrote:
In addition, it would avoid having to put some potentially sensible
values in a web-xml file which has to be readable by the Tomcat user.
Also some other, than web.xml, file with sensible values has to readable
by Tomcat user ;-)
--
Mikolaj Rydzewski
---
Bill Barker wrote:
"André Warnier" wrote in message
news:498ad66a.4080...@ice-sa.com...
Mikolaj Rydzewski wrote:
André Warnier wrote:
if I have a webapp consistig of just a couple of classes and a
WEB-INF/web.xml config file, but this web.xml file contains some
parameters that are "each-clie
Of course it will; no doubts about it! Any self-respecting maven fanatic can assure you of that!!
;-)
epicwin...@hotmail.com wrote:
Thanks for all the replies. Nice to know i can do this without any side
effects.
I think I will have to look into maven and see if that fits my deployment need
"André Warnier" wrote in message
news:498ad66a.4080...@ice-sa.com...
> Mikolaj Rydzewski wrote:
>> André Warnier wrote:
>>> if I have a webapp consistig of just a couple of classes and a
>>> WEB-INF/web.xml config file, but this web.xml file contains some
>>> parameters that are "each-client-d
Thanks for all the replies. Nice to know i can do this without any side
effects. I think I will have to look into maven and see if that fits my
deployment needs.
_
Windows Live™: E-mail. Chat. Share. Get more ways to connect.
h
epicwin...@hotmail.com wrote:
> Is there any advantage why I should not just jar all my class files and put
> them in WEB-INF/lib rather than exploding the jar file to the classes
> directory?
>
>
> I like developing with the classes and I understand it is nice to let tomcat
> deploy a .war fil
Mikolaj Rydzewski wrote:
André Warnier wrote:
if I have a webapp consistig of just a couple of classes and a
WEB-INF/web.xml config file, but this web.xml file contains some
parameters that are "each-client-dependent", and some customers are
insisting to receive the updates as a war file, how
André Warnier wrote:
if I have a webapp consistig of just a couple of classes and a
WEB-INF/web.xml config file, but this web.xml file contains some
parameters that are "each-client-dependent", and some customers are
insisting to receive the updates as a war file, how can I achieve that ?
Som
Bill Barker wrote:
ignoring the maven fanatics, Tomcat's classloader searches the
WEB-INF/classes directory before the WEB-INF/lib/*.jar. This means that it
is sometimes nice to use WEB-INF/classes for a development server. But for
a production server you won't see much difference.
Sorry t
ignoring the maven fanatics, Tomcat's classloader searches the
WEB-INF/classes directory before the WEB-INF/lib/*.jar. This means that it
is sometimes nice to use WEB-INF/classes for a development server. But for
a production server you won't see much difference.
wrote in message
news:blu1
epicwin...@hotmail.com wrote:
Is there any advantage why I should not just jar all my class files and put
them in WEB-INF/lib rather than exploding the jar file to the classes directory?
I like developing with the classes and I understand it is nice to let tomcat
deploy a .war file but it als
If you build your war files with maven you can use maven's profiles and have it
build war files that contain settings tailored for each server.
http://www.sonatype.com/books/maven-book/
http://www.exist.com/better-build-maven
epicwin...@hotmail.com wrote:
Is there any advantage why I should n
Hi Ron--
.\META-INF\context.xml has a reloadable attribute which must be set to true to
tell tomcat to monitor jars in .\WEB-INF\lib
http://tomcat.apache.org/tomcat-5.5-doc/config/loader.html
also take a look at the delegate attribute to specifically load classes via
parent class loader before
> From: Ron Wheeler [mailto:[EMAIL PROTECTED]
> Subject: Re: WEB-INF/lib ignored in Tomcat 6
>
> Should I add a doc base to the application context?
No; docBase should only be used when the app is stored outside of the
appBase directory.
> > Tomcat auto detects the libs unde
Rashmi Rubdi wrote:
Did you set the environment variables correctly?
CATALINA_HOME , should point to the root folder of Tomcat's installation, and
JAVA_HOME to JDK's root folder.
I screwed up CATALINA_HOME but after correcting it and rebooting the
problem remains.
Also specify the dire
Did you set the environment variables correctly?
CATALINA_HOME , should point to the root folder of Tomcat's installation, and
JAVA_HOME to JDK's root folder.
Also specify the directory of your project in the docBase attribute of Context
definition.
Tomcat auto detects the libs under WEB-INF/
r 2006 11:16 am
Betreff: Re: WEB-INF/lib/*.jar
> [EMAIL PROTECTED] a écrit :
> > thanks all for your reply.
> >
> > actually, I have this kind of directory hierarchy:
> > myapp/build.properties
> > myapp/build.xml
> > myapp/web/*.jsp
> >
- Originalnachricht -
Von: David Delbecq <[EMAIL PROTECTED]>
Datum: Donnerstag, 23. November 2006 11:16 am
Betreff: Re: WEB-INF/lib/*.jar
> [EMAIL PROTECTED] a écrit :
> > thanks all for your reply.
> >
> > actually, I have this kind of directory hierarchy:
gt;
> Gop
>
>
>
> ----- Originalnachricht -
> Von: "Caldarale, Charles R" <[EMAIL PROTECTED]>
> Datum: Mittwoch, 22. November 2006 5:19 pm
> Betreff: RE: WEB-INF/lib/*.jar
>
>
>>> From: [EMAIL PROTECTED]
>>>
&
directory. It is really at
the correct place, isn't it?
Or do I have to specify any path to find WEB-INF/lib/*.jar?
thanks for your help.
Cheers,
Gop
- Originalnachricht -
Von: "Caldarale, Charles R" <[EMAIL PROTECTED]>
Datum: Mittwoch, 22. November 2006 5:19 pm
Bet
Moreover, you should never put your applicaiton jars to common/lib since
then those will be loaded by Application classloader and not
WebAppClassLoader. This results in serious problems when you are running
multiple web apps or upgrading your application's version.
On 11/22/06, Caldarale, Charles
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Subject: WEB-INF/lib/*.jar
>
> it seems to me that my lib packages which are located under
> myapp/web/WEB-INF/lib can not be recognized by Tomcat.
Read the servlet spec: WEB-INF must be at the first level of the app
deployment directory (or
Should it be:
myapp/WEB-INF/lib
Sounds like that path may have been set up by an IDE but not mapped in your
context. Check your docBase path in your context file.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 22 November 2006 15:34
To: Tomcat Users List
Subj
47 matches
Mail list logo
