Ok, I will check the filter what it does
Thanks for the comments.
On 6/9/08, Len Popp <[EMAIL PROTECTED]> wrote:
>
> Both the Exchange server and the email client (Outlook) can filter
> messages. You'll have to check the filtering settings on both client &
> server to find out exactly why your ema
Sorry about this, I messed subjects up.
Abraham Marín Pérez <[EMAIL PROTECTED]>
Responsable de I+D
SILVANO CONSULTORES
Tfno.: 93.412.79.12 -- Fax: 93.410.92.90
http://www.silvanoc.com/
[EMAIL PROTECTED]
09/06/2008 17:29
Por favor, responda a "Tomcat Users List"
Para: "Tomcat
Sorry, not always easy to keep a thread with the huge traffic on this list.
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Benoit,
Benoit Maisonny wrote:
| Christopher Schultz wrote:
|>
|> Benoit,
|>
|> Benoit Maisonny wrote:
|> | I suspect someone forgot to encode th
Am 09.06.2008, 19:15 Uhr, schrieb Mark Thomas <[EMAIL PROTECTED]>:
Jörg Fröber wrote:
Hello,
using Tomcat 6.0.12 on one jsp page sometimes the following error
occurs:
java.lang.ArrayIndexOutOfBoundsException: 8192
That looks like a Tomcat bug. Do you see the same problem with the
lat
Jörg Fröber wrote:
I've build tomcat from
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk and there still
occurs an error.
Here is the stacktrace:
Can you provide the source of the simplest JSP that causes the error? What
we need is a test case we can use to investigate this. The simpl
On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Can you provide the source of the simplest JSP that causes the error? What
> we need is a test case we can use to investigate this. The simpler the test
> case the better.
I suppose he should increase the header size, or (be
On 9 Jun 2008 at 20:10, Bill Davidson wrote:
.
.
.
> I didn't really do it as a filter though. The login servlet, after
> verifying the
> user's login and password, just creates and sets the cookie in the response
> rather than letting Tomcat create the cookie.
I would make sure to do some t
Hi,
I'm currently attempting to configure IIS+Tomcat via the IIS connector
as per instructions at:
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
So far I've been having no luck at all, browsing
/examples/jsp/index.html just returns a 404:
IIS Log:
3131-08-08 04:43:02 W3SV
Am 10.06.2008, 15:13 Uhr, schrieb Rémy Maucherat
<[EMAIL PROTECTED]>:
On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
Can you provide the source of the simplest JSP that causes the error?
What
we need is a test case we can use to investigate this. The simpler the
te
Hi,
When accessing /manager/html remotely I am asked for username and password, but
then I get a "401 access denied" error regardless.
However I am able to log in to the manager app locally, e.g.
http://localhost/manager/html works.
I am running a java based website on the same Tomcat serve
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to jkmanager
?
Or is the only way to edit the workers.properties file and use the
'activation' keyword.
Exampl
On Tue, Jun 10, 2008 at 4:17 PM, Jörg Fröber <[EMAIL PROTECTED]> wrote:
> An explizit call of response.flushBuffer() seems to have solved the problem.
>
So it could indeed be worth it if you provide a test JSP.
Rémy
-
To start a
I appreciate that this question may have been asked before, but I can't track
down an
easy way to move forward on it, so am turning to the list for help.
I downloaded and installed (WinXP) Tomcat 6.0.16 - its working fine and I have
created a small application with JSPs and Servlets and client si
Black Bourne wrote:
Hi,
When accessing /manager/html remotely I am asked for username and password, but then I get a "401 access denied" error regardless.
However I am able to log in to the manager app locally, e.g.
http://localhost/manager/html works.
Is a remote address valve configured
Charles J Gillan wrote:
If I try to access via my IP address, still on my own PC, that is for example
http://192.168.1.100:8080/MYAPP
I get an error message.
What is the error message?
Mark
-
To start a new topic, e
Mohan2005 wrote:
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to jkmanager
?
No, but that's a good idea to put a wildchar processing
for worker names (s
could you be running into
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6280693
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6332094
so an upgrade to the JVM might fix it
Filip
Reid Swanson wrote:
Hi,
I have a web app that includes a large amount of data and I am having trouble
dep
Mladen Turk wrote:
Mohan2005 wrote:
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to
jkmanager
?
No, but that's a good idea to put a wildchar processi
worked fine for me, here are my config files and example JSP files
http://people.apache.org/~fhanik/replicated-context-example.zip
Filip
gangadhar p wrote:
Hi Guys,
The Tomcat 6 documentation
(http://tomcat.apache.org/tomcat-6.0-doc/config/cluster.html) says that the
Context (ServletContext,
In my application, I am trying to upload files to be stored in the
directory [application root]/files. To get the path to write files
to, I am using:
request.getSession().getServletContext().getRealPath("/files");
However, this is returning the directory:
"apache-tomcat-6.0.16/temp/#-Application/
It's possible. Unfortunately it's not really practical to upgrade the JVM on the
machine. As a work around I've found I can manually unzip the war and set the
directory and context path in the html manager.
On Tue 06/10/08 9:43 AM , Filip Hanik - Dev Lists [EMAIL PROTECTED] sent:
> could you be r
kohanm wrote:
here they are:
[EMAIL PROTECTED] usr]# cd java
[EMAIL PROTECTED] java]# cd jdk*
[EMAIL PROTECTED] jdk1.6.0_02]# cd bin
[EMAIL PROTECTED] bin]# ls -l
...
-rwxr-xr-x 1 root root 135168 Jun 14 2007 java.exe
...
I have no way to find out how you have managed that, but whatever
y
> From: David Momper [mailto:[EMAIL PROTECTED]
> Subject: getRealPath() returning temp space path
>
> However, this is returning the directory:
> "apache-tomcat-6.0.16/temp/#-Application/files" where #
> is a number 0-9.
> I thought it was supposed to return the path
> "apache-tomcat-6.0.16/webapps
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
Bill Davidson wrote:
| However today, I discovered door #3. Make the login servlet (which is
| https) create and set the cookie as a non-secure cookie instead of letting
| Tomcat create the JSESSIONID itself. This is a minor change to the cod
Christopher Schultz wrote:
Did you change Tomcat code, or your own code?
Our own code. We have an explicit login servlet that handles
checking the login/password against values stored in our Oracle
database.
Okay, so it sounds like you are using your own. Is there any particular
reason you a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
I have a few questions myself. See inline.
Mark Thomas wrote:
| Annony Mouse wrote:
|> 2.) If (1) is fact, can the exploit expose ALL Session IDs? Is it
|> dumping all of the data in all the sessions, or 'just' the sessionID
|> map?
|
| The w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
Bill Davidson wrote:
| Christopher Schultz wrote:
|> Is there any particular reason you are not using the built-in
|> container-based security mechanism?
|
| I don't know. I didn't design it. Was that container based security
| available in T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
BurnInHell wrote:
| Since I want to access the application from "outside" and I have no access
| to the firewall which is only enabeling https I want to access my
| application over https://server.domain/app using:
|
| proxypass /app http://l
Christopher Schultz wrote:
Yep. It's part of the servlet specification. Maybe as you move forward,
you could look into using that and reduce the amount of code you have to
maintain. Note that TC container-managed authentication does not allow
drive-by logins (that is, logins that didn't result fr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maux,
maux wrote:
| I would like to know if there is something that I can configure to an
| application that force the application to execute that thing before it
| executes. I mean I need something that does more or less the same that a
| filter bu
I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the
unix commands run as user "dingo". But I have another user "aruns" and I
would like ONE AND ONLY ONE of my web applications to use Runtime.exec()
to run a perl script as user "aruns" and not as user "Dingo". Is this
possible? If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
Mark H. Wood wrote:
| Sorry, I didn't fully specify the problem. I do refer to
| URI-(en|de)coding, not to character encoding issues.
If the original URL was "http://server/app?foo=a%20space"; (or even
"http://server/app?foo=a+space";, then c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arun,
Don't hijack threads :(
Sudhir, Arun wrote:
| I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the
| unix commands run as user "dingo". But I have another user "aruns" and I
| would like ONE AND ONLY ONE of my web application
Chris,
Do you mean to say that every webapp is a separate thread? So
the userid for the Runtime.exec() would be the id of the user starting
the servlet conatiner (by running startup.sh)? Is there a place like a
catalina.policy or something where I can say "hey tomcat, this is userid
with wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
- -chris
-BE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
Sorry, one more comment:
André Warnier wrote:
| Off-topic : Are you sure that can really happen ? I must admit that I
| have never seen that behaviour before, and it seems to me that it would
| create a host of other problems (such as breakin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin wrote:
| If you're in a secure location that disallows cookies..you can always
| try url-rewrite
Dude. The container does URL rewriting without requiring other tools.
Stop confusing people with this junk.
- -chris
-BEGIN PGP SIG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nameless,
Nam3l3ss wrote:
| I have a bean on a jsp page (jsp:UseBean) , with application scope,
that uses
| some resources that must be freed when the application is stopped/reset.
|
| I'm currently using a context listener to detect when does the se
David Momper wrote:
In my application, I am trying to upload files to be stored in the
directory [application root]/files. To get the path to write files
to, I am using:
request.getSession().getServletContext().getRealPath("/files");
However, this is returning the directory:
"apache-tomcat-6.0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zufeng,
Zufeng Huang wrote:
| I post a topic about the performance of apache+mod_jk_tomcat
| yesterday, and just now, I tried apache ab as the tool to do a
| benchmark. But the result is amazing.
[snip]
| 1, According to my configurations, apache(2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arun,
Sudhir, Arun wrote:
| Do you mean to say that every webapp is a separate thread?
No.
| So
| the userid for the Runtime.exec() would be the id of the user starting
| the servlet conatiner (by running startup.sh)?
Yes. Child processes inherit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
Luca Bertuccelli wrote:
| I'd like to use some JSP of one context into different contexts without
| copy[ing] them.
Why /not/ copy them?
| Is it possible?
I'm sure it's possible, but Tomcat does not include any configuration
options to actu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yves,
Yves Glodt wrote:
| I need to run now another application on tomcat, and what I think to
do is to
| have another "instance" of tomcat running on another port, isolated
from my
| OpenCms, with a different webapps folder as well.
Yep, you need a
Christopher Schultz wrote:
Mark Thomas wrote:
| The worst case is that the attacker will obtain the ID for the current
| session. With this the attacker has access to the session as the current
| user.
Who is "the current user"? If the attacker already has the session id,
there's no need to hit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Ochani wrote:
| Off topic remark. I hope you don't use [Fedora Core 8] on production
machines. Fedora is not
| designed for that.
What leads you to that conclusion?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32
Christopher Schultz wrote:
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
Not that that means I am always r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ming,
Yu, Ming wrote:
| 2) After the service is initiated, there are two processes staying
| resident in memory: one is the jsvc controller process and the other is
| the main tomcat process. Everything is fine. The main process is
| detached fr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
Mark Thomas wrote:
| This attack requires luring a user who is already logged in to a webapp
| running on a vulnerable Tomcat server to a malicious site. With a
| suitably crafted URL, the attacker is able to steal the authentication
| cookie f
Christopher Schultz wrote:
Mark,
Mark Thomas wrote:
| This attack requires luring a user who is already logged in to a webapp
| running on a vulnerable Tomcat server to a malicious site. With a
| suitably crafted URL, the attacker is able to steal the authentication
| cookie for the user who w
I need to execute it before an application executes.
I know filters are the way but I need to communicate with an applet and I
think filters and applets can´t have a two-way communication.
Thanks.
Christopher Schultz-2 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Maux,
>
>
On 10 Jun 2008 at 17:20, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Steve,
>
> Steve Ochani wrote:
> | Off topic remark. I hope you don't use [Fedora Core 8] on
> production
> machines. Fedora is not
> | designed for that.
>
> What leads you to that conclus
Thank you. I will.
Regards
mohan
Rainer Jung-3 wrote:
>
> Mladen Turk wrote:
>> Mohan2005 wrote:
>>> On the same front, say we have 50 nodes and one jkmanager.
>>> There would be a management problem to disable/activate nodes.
>>> Is there a way to disable/activate nodes passing URL parameters
Hello Again;
I tried the following, did not take effect;
What am I doing wrong here please;
My jkmanager shows this for the Loadbalancer "TEST" and it has only one node
called "NODE1"
NameTypeHostAddrAct State D F M
V Acc Err CE
Hi Tomcat users,
Maybe I'm not googling with the right keywords, but I can't seem to
find a simple answer to this...
I have a standard Tomcat 6.0.10 installation (no Apache httpd front
end or anything). All the contents of the webapps directory have been
removed, and a single web app has
Justin Morgan - Logic Sector wrote:
Hi Tomcat users,
Maybe I'm not googling with the right keywords, but I can't seem to find
a simple answer to this...
I have a standard Tomcat 6.0.10 installation (no Apache httpd front end
or anything). All the contents of the webapps directory have bee
55 matches
Mail list logo
