Re: Strange problem with tomcat 4.1.2

2002-10-02 Thread Matt Fury
)
  at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166)
  at org.apache.catalina.core.StandardContext.start(StandardContext.java:3493)
  at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:821)
  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807)
  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579)
  at org.apache.catalina.core.StandardHostDeployer.addChild(StandardHostDeployer.java:529)
  at java.lang.reflect.Method.invoke(Native Method)
  at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java)
  at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:260)
  at org.apache.commons.digester.Digester.endElement(Digester.java(Compiled Code))
  at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
  at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
  at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
  at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
  at org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source)
  at org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source)
  at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
  at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
  at org.apache.commons.digester.Digester.parse(Digester.java:1514)
  at
=== message truncated ===


=

int myName() {
  cout << "-Matt Fury \n";
  return 0;
}



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-25 Thread Matt Fury

Yes I agree that some sort of JSP Tagging can be
beneficial but at times it is overkill. I think the
ultimate solution would be a combination of both.


--- Bojan Smojver [EMAIL PROTECTED] wrote:
> On Wed, 2002-09-25 at 07:31, Matt Fury wrote:
>
>> What's easier though? Upgrading a Tomcat server with a
>> patch or re-architecting your whole site to accommodate
>> for Velocity??
>
> Short term, upgrading Tomcat. Long term, doing it in
> Velocity.
>
> Bojan
 
 




Re: How can I maintain sessions between IIS and Tomcat?

2002-09-24 Thread Matt Fury

Hi Luca,

ASP and JSP (IIS, Tomcat) are two separate server side
languages and runtimes, hence there is no way to have
them talk to each other via a Session Object since
they each store sessions in a different manner.

You may pass variables back and forth between them via
a normal HTML manner but that's about it. Or you may
choose to write to disk.

-Matt


--- Luca Ventura [EMAIL PROTECTED] wrote:
 
> Hello everybody!
>
> I have installed Tomcat as plug-in of Internet Information Server (IIS) to
> support JSP/Servlet, using the ISAPI filter.
> So I can support ASP pages thanks to IIS and Servlets/JSP-pages thanks to
> Tomcat.
> All works well if I don't use sessions. In fact if I create a user-session
> (object) in a JSP page or in a servlet, and then I insert information in it
> (using setAttribute() method of HttpSession class),
> the session object just created is not visible in an ASP page. The same
> thing happens if I create
> the session in an ASP page: the session will not be visible in a JSP page. It
> seems that IIS
> and Tomcat can't exchange session information between them...why?
>
> How can I solve this problem? Must I configure the ISAPI filter in some way?
> If yes..how?
>
> I hope someone can help me.
>
> Thanks in advance!
>
>  Luca
 
 




Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability

2002-09-24 Thread Matt Fury

This may be true (though I have never tested it).

What's easier though? Upgrading a Tomcat server with a
patch or re-architecting your whole site to accommodate
for Velocity??

;-)

-Matt


--- Jon Scott Stevens [EMAIL PROTECTED] wrote:
> on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote:
>
>> A security vulnerability has been confirmed to exist in all Apache
>> Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which
>> allows to use a specially crafted URL to return the unprocessed source
>> of a JSP page, or, under special circumstances, a static resource which
>> would otherwise have been protected by security constraint, without the
>> need for being properly authenticated.
>
> Once again...JSP sucks and Velocity is the right way to go...you will never
> have to worry about your container spilling your beans (pun intended).
>
> Given that Tomcat gets around 100k+ downloads/week...imagine how many
> servers now need to be updated and how much money and time that will cost to
> do so?
>
> http://jakarta.apache.org/velocity/
>
> Wake up people. Velocity is faster and more secure than JSP will ever be.
>
> -jon
 
 




Tomcat 4.0.4 w/ mySQL org.gjt.mm.mysql.Driver

2002-06-26 Thread Matt Fury

I am confused. Can anyone tell me what changed between
4.0.3 and 4.0.4 that won't allow me to connect to my
mySQL database anymore? It's denying any user/password
I put in, giving me a SQL Exception.

My code hasn't changed at all; in fact, when I roll back
to 4.0.3 it works fine.

-Matt





Tomcat/IIS Integration url request.getParameter()

2002-06-12 Thread Matt Fury

Hi!

I've tried to search FAQ's and newsgroups and haven't
been able to find anything. Please forgive me if it's
been answered.

With the Tomcat 3.3/IIS forwarding jsp responses, it
seems as though any url parameters are not being
forwarded and are returning NULL. ie.
http://localhost/index.jsp?username=blah&password=yadayadayda

The username/password requests are not returning
anything. I can confirm this when I go to the port
tomcat is running on behind the scenes, these
parameters are coming through.

Is there a class or something I need to do in order to
get these forwarded?

Thanks

-Matt





RE: Tomcat/IIS Integration url request.getParameter()

2002-06-12 Thread Matt Fury

Great, I'll try it! Thanks. I would really like to run
Tomcat 4.0.3 but I was having problems setting it up.
The console was reporting Java errors when I went to
hit the page. But this discussion is for the other
newsgroup ;-)

-Matt


--- Larry Isaacs [EMAIL PROTECTED] wrote:
> Matt,
>
> I recall there being a bug related to this in the
> isapi_redirect.dll for Tomcat 3.3.  For security, the dll
> normalizes the URI before checking to see if it should be
> forwarded to Tomcat.  If the URI was shortened because
> of this normalization, the query parameters would be lost.
>
> This is fixed in the isapi_redirect.dll distributed with
> Tomcat 3.3.1 and is fixed in the jakarta-tomcat-connectors'
> isapi_redirector.dll (note the added "or" before .dll).
> If you are using the isapi_redirect.dll from Tomcat 3.3,
> try the one from Tomcat 3.3.1 and see if it fixes your
> problem. You will find it here:
>
> http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1/bin/win32/i386/
>
> Cheers,
> Larry
>
>> -----Original Message-----
>> From: Matt Fury [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, June 12, 2002 12:08 PM
>> To: [EMAIL PROTECTED]
>> Subject: Tomcat/IIS Integration url request.getParameter()
>>
>>
>> Hi!
>>
>> I've tried to search FAQ's and newsgroups and haven't
>> been able to find anything. Please forgive me if it's
>> been answered.
>>
>> With the Tomcat 3.3/IIS forwarding jsp responses, it
>> seems as though any url parameters are not being
>> forwarded and are returning NULL. ie.
>> http://localhost/index.jsp?username=blah&password=yadayadayda
>>
>> The username/password requests are not returning
>> anything. I can confirm this when I go to the port
>> tomcat is running on behind the scenes, these
>> parameters are coming through.
>>
>> Is there a class or something I need to do in order to
>> get these forwarded?
>>
>> Thanks
>>
>> -Matt
  
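The failure mode Larry Isaacs describes in the reply quoted above, reproduced as an added C example; this is not code from isapi_redirect.dll or from anyone in the thread. The names normalize_path, build_forward_uri and keep_query are hypothetical, and dot-segment removal is assumed to be the normalization step that shortens the URI.

```c
#include <stdio.h>
#include <string.h>

/* Collapse empty, "." and ".." segments in place (a trailing "/" is dropped).
 * Returns 0, or -1 for a relative path or a ".." that climbs above the root. */
static int normalize_path(char *p) {
    char *out = p;                      /* write cursor, never passes `in` */
    const char *in = p;
    if (*p != '/') return -1;
    while (*in == '/') {
        const char *seg = ++in;
        size_t n = strcspn(seg, "/");
        in = seg + n;
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (out == p) return -1;    /* would escape the root: reject */
            while (*--out != '/') { }   /* drop the previous segment */
            continue;
        }
        *out++ = '/';
        memmove(out, seg, n);
        out += n;
    }
    if (out == p) *out++ = '/';
    *out = '\0';
    return 0;
}

/* Build the URI handed to the servlet container (hypothetical helper).
 * keep_query = 0 models the reported bug, 1 the corrected behaviour. */
static int build_forward_uri(const char *uri, char *dst, size_t cap, int keep_query) {
    char path[256];
    size_t plen = strcspn(uri, "?");    /* length of the path part */
    if (plen >= sizeof path || strlen(uri) >= cap) return -1;
    memcpy(path, uri, plen); path[plen] = '\0';
    if (normalize_path(path) != 0) return -1;
    if (keep_query)
        snprintf(dst, cap, "%s%s", path, uri + plen);  /* re-attach "?..." */
    else if (strlen(path) == plen)
        strcpy(dst, uri);               /* nothing shortened: passed through */
    else
        strcpy(dst, path);              /* BUG: shortened path, query lost */
    return 0;
}

int main(void) {
    char a[256], b[256];  /* constructed request with a dot segment */
    const char *uri = "/./index.jsp?username=blah&password=yadayadayda";
    if (build_forward_uri(uri, a, sizeof a, 0) == 0 &&
        build_forward_uri(uri, b, sizeof b, 1) == 0)
        printf("buggy: %s\nfixed: %s\n", a, b);
}
```

With keep_query set to 0 a URI that needs no normalization still arrives with its parameters, which is why a fault of this shape shows up only for some requests.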