Re: Strange problem with tomcat 4.1.2
) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3493) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:821) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579) at org.apache.catalina.core.StandardHostDeployer.addChild(StandardHostDeployer.java:529) at java.lang.reflect.Method.invoke(Native Method) at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java) at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:260) at org.apache.commons.digester.Digester.endElement(Digester.java(Compiled Code)) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source) at org.apache.xerces.parsers.DTDConfiguration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.commons.digester.Digester.parse(Digester.java:1514) at === message truncated === = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Yes I agree that some sort of JSP Tagging can be beneficial but at times it is overkill. I think the ultimate solution would be a combination of both. --- Bojan Smojver [EMAIL PROTECTED] wrote: On Wed, 2002-09-25 at 07:31, Matt Fury wrote: What's easier though? Upgrading a Tomcat server with a patch or re-architecting your whole site to accomodate for Velocity?? Short term, upgrading Tomcat. Long term, doing it in Velocity. Bojan -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How can I maintain sessions between IIS and Tomcat?
Hi Luca, ASP and JSP (IIS, Tomcat) are too separate server side languages and runtimes, hence there is no way to have them talk to each other via a Session Object since they each store sessions in a different manner. You may pass variables back and forth between them via a normal HTML manner but thats about it. Or you may choose to write to disk. -Matt --- Luca Ventura [EMAIL PROTECTED] wrote: Hello everybody! I have installed Tomcat as plug-in of Internet Information Server (IIS) to support JSP/Servlet, using the ISAPI filter. So I can support ASP pages thanks to IIS and Servlets/JSP-pages thanks to Tomcat. All works well if I don't use sessions. In fact if I create an user-session (object) in a JSP page or in a servlet, and then I insert information in it (using setAttribute() method of HttpSession class) , the session object just created is not visible in an ASP page. The same thing happens if I create the session in an ASP page: the session will not visible in a JSP page. It seems that IIS and Tomcat can't exchange session information between them...why? How can I solve this problem? Must I configure the ISAPI filter in some way? If yes..how? I hope someone can help me. Thanks in advance! Luca -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
This may be true (though I have never tested it). What's easier though? Upgrading a Tomcat server with a patch or re-architecting your whole site to accomodate for Velocity?? ;-) -Matt --- Jon Scott Stevens [EMAIL PROTECTED] wrote: on 2002/9/24 4:59 AM, Remy Maucherat [EMAIL PROTECTED] wrote: A security vulnerability has been confirmed to exist in all Apache Tomcat 4.x releases (including Tomcat 4.0.4 and Tomcat 4.1.10), which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraint, without the need for being properly authenticated. Once again...JSP sucks and Velocity is the right way to go...you will never have to worry about your container spilling your beans (pun intended). Given that Tomcat gets around 100k+ downloads/week...imagine how many servers now need to be updated and how much money and time that will cost to do so? http://jakarta.apache.org/velocity/ Wake up people. Velocity is faster and more secure than JSP will ever be. -jon -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Tomcat 4.0.4 w/ mySQL org.gjt.mm.mysql.Driver
I am confused. Can anyone tell me what changed between 4.0.3 and 4.0.4 that won't allow me to connect to my mySQL database anymore? Its denying any user/password I put in giving me a SQL Exception. My code hasn't changed at all in fact when I roll back to 4.0.3 it works fine. -Matt = int myName() { cout -Matt Fury \n; return 0; } __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Tomcat/IIS Integration url request.getParameter()
Hi! I've tried to search FAQ's and newgroups and haven't been able to find anything. Please forgive me if its been answered. With the Tomcat 3.3/IIS forwarding jsp responses, it seems as though any url parameters are not being forwarded and are returning NULL. ie. http://localhost/index.jsp?username=blahpassword=yadayadayda The username/password requests are not returning anything. I can confirm this when I go to the port tomcat is running on behind the scenes, these paramters are coming through. Is there a class or something I need to do in order to get these forwarded? Thanks -Matt = int myName() { cout -Matt Fury \n; return 0; } __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat/IIS Integration url request.getParameter()
Great, I'll try it! Thanks. I would really like to run Tomcat 4.0.3 but i was having problems setting it up. The console was reporting Java errors when I went to hit the page. But this discussion is for the other newsgroup ;-) -Matt --- Larry Isaacs [EMAIL PROTECTED] wrote: Matt, I recall there being a bug related to this in the isapi_redirect.dll for Tomcat 3.3. For security, the dll normalizes the URI before checking to see if it should be forwarded to Tomcat. If the URI was shortened because of this normalization, the query parameters would be lost. This is fixed in the isapi_redirect.dll distributed with Tomcat 3.3.1 and is fixed in the jakarta-tomcat-connectors' isapi_redirector.dll (note the added or before .dll). If you are using the isapi_redirect.dll from Tomcat 3.3, try the one from Tomcat 3.3.1 and see if it fixes your problem. You will find it here: http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1/bin/win32/i386/ Cheers, Larry -Original Message- From: Matt Fury [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 12:08 PM To: [EMAIL PROTECTED] Subject: Tomcat/IIS Integration url request.getParameter() Hi! I've tried to search FAQ's and newgroups and haven't been able to find anything. Please forgive me if its been answered. With the Tomcat 3.3/IIS forwarding jsp responses, it seems as though any url parameters are not being forwarded and are returning NULL. ie. http://localhost/index.jsp?username=blahpassword=yadayadayda The username/password requests are not returning anything. I can confirm this when I go to the port tomcat is running on behind the scenes, these paramters are coming through. Is there a class or something I need to do in order to get these forwarded? Thanks -Matt = int myName() { cout -Matt Fury \n; return 0; } __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:tomcat-dev- [EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] = int myName() { cout -Matt Fury \n; return 0; } __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]