-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
David,
On 8/8/13 5:47 PM, David Landis wrote:
On Thu, Aug 8, 2013 at 5:19 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
... and the SSLDisableCompression setting (when set to false)
is intended to mitigate the CRIME attack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Martin,
On 8/8/13 8:20 PM, Martin Gainty wrote:
as earlier mentioned
chrome is the only browser that supports compression on SSL
streams
Mozilla Firefox had implemented TLS+compression for SPDY requests, and
thus was vulnerable. Since CRIME,
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad it took a researcher a year to figure out that
compression of any kind makes encryption (where the attacker can force
random probing attacks) weak. It's not like SSL+compression and
SSL-compression+compression is that different.
It
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/9/13 9:14 AM, Mark Thomas wrote:
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad it took a researcher a year to figure out that
compression of any kind makes encryption (where the attacker can
force random probing
On 09/08/2013 15:28, Christopher Schultz wrote:
Mark,
On 8/9/13 9:14 AM, Mark Thomas wrote:
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad it took a researcher a year to figure out that
compression of any kind makes encryption (where the attacker can
force random probing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/9/13 11:10 AM, Mark Thomas wrote:
On 09/08/2013 15:28, Christopher Schultz wrote:
Mark,
On 8/9/13 9:14 AM, Mark Thomas wrote:
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad it took a researcher a year to figure out
On 8/9/2013 8:10 AM, Mark Thomas wrote:
On 09/08/2013 15:28, Christopher Schultz wrote:
Mark,
On 8/9/13 9:14 AM, Mark Thomas wrote:
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad it took a researcher a year to figure out that
compression of any kind makes encryption (where
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/9/13 12:17 PM, Mark Eggers wrote:
On 8/9/2013 8:10 AM, Mark Thomas wrote:
On 09/08/2013 15:28, Christopher Schultz wrote:
Mark,
On 8/9/13 9:14 AM, Mark Thomas wrote:
On 09/08/2013 14:50, Christopher Schultz wrote:
It's too bad
Hi,
I was wondering if someone could clarify the difference between the
configuration parameters mentioned in the subject of this email or point me
to some documentation that explains it?
Do they both refer to the same type of compression?
Based on the Tomcat docs I know the former controls
On 08/08/2013 18:14, David Landis wrote:
Hi,
I was wondering if someone could clarify the difference between the
configuration parameters mentioned in the subject of this email or point me
to some documentation that explains it?
Do they both refer to the same type of compression?
No.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/8/13 12:45 PM, Mark Thomas wrote:
On 08/08/2013 18:14, David Landis wrote:
Hi,
I was wondering if someone could clarify the difference between
the configuration parameters mentioned in the subject of this
email or point me to some
On Thu, Aug 8, 2013 at 5:19 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
... and the SSLDisableCompression setting (when set to false) is
intended to mitigate the CRIME attack against SSL/TLS compression.
Feel free to read online all about the CRIME attack.
That was what I
uebernehmen.
Date: Thu, 8 Aug 2013 17:47:36 -0400
Subject: Re: Tomcat config question: 'compression' versus
'SSLDisableCompression'
From: dlan...@gmail.com
To: users@tomcat.apache.org
On Thu, Aug 8, 2013 at 5:19 PM, Christopher Schultz
ch...@christopherschultz.net wrote
Dick Steflik
Binghamton University
Caldarale, Charles R wrote:
From: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move thecontext statements out of server.xml and into
context.xml?
It'sContext notcontext - case matters.
or is there something
: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move thecontext statements out of server.xml and into
context.xml?
It'sContext notcontext - case matters.
or is there something else I have to do.
Reading the doc would be a good first step:
http
: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move thecontext statements out of server.xml and into
context.xml?
It'sContext notcontext - case matters.
or is there something else I have to do.
Reading the doc would
apps preinstalled in Tomcat also use a
META-INF directory.)
p
Dick Steflik
Binghamton University
Caldarale, Charles R wrote:
From: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move thecontext statements out of server.xml and into
context.xml
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dick,
On 12/15/2009 8:15 AM, steflik wrote:
I'm a little bit hesitant as a number of the students are still struggling
to get their JSP project done. Right now the server is running and the
Context statements that define where the apps are are
commands, e-mail: users-h...@tomcat.apache.org
--
View this message in context:
http://old.nabble.com/Tomcat-Config-Question-tp26711131p26779949.html
Sent from the Tomcat - User mailing list archive at Nabble.com
On 14/12/2009 18:46, steflik wrote:
Markus,
Do I just move thecontext statements out of server.xml and into
context.xml?
or is there something else I have to do. If thats all I have to do do I
place them before or after the watched element tag that is already in the
context.xml file?
There
From: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move the context statements out of server.xml and into
context.xml?
It's Context not context - case matters.
or is there something else I have to do.
Reading the doc would be a good first step
place?
Dick Steflik
Binghamton University
Caldarale, Charles R wrote:
From: steflik [mailto:stef...@binghamton.edu]
Subject: Re: Tomcat Config Question
Do I just move the context statements out of server.xml and into
context.xml?
It's Context not context - case matters
before it takes effect. Is there a way to configure Tomcat so that changes
in a users web.xml file will be automatically sensed by the server and take
effect immediately?
Dick Steflik
Binghamton University
Binghamton, NY
--
View this message in context:
http://old.nabble.com/Tomcat-Config-Question
09.12.2009 15:31, steflik:
I'm teaching a Web Programming course and am using Tomcat 6 for the
servlet/jsp portion of the course. I have created a context for each student
in the server.xml file and it seems to work pretty good but if a student
modifies the web.xml file in their application I
From: steflik [mailto:stef...@binghamton.edu]
Subject: Tomcat Config Question
I have created a context for each student in the server.xml file
Don't do that - very strongly discouraged to have any webapp-specific
information in server.xml. The Context elements should be in
conf/Catalina
The global conf/context.xml file should have a
WatchedResource element for WEB-INF/web.xml; Tomcat should
automatically restart the webapp unless you've removed that
or disabled deployOnStartup in the Host element.
In my experience, Tomcat has problems reloading webapps
on occasion. This
On 09/12/2009 14:52, Neil Aggarwal wrote:
The global conf/context.xml file should have a
WatchedResource element for WEB-INF/web.xml; Tomcat should
automatically restart the webapp unless you've removed that
or disabled deployOnStartup in theHost element.
In my experience, Tomcat has
2009/12/9 steflik stef...@binghamton.edu
I'm teaching a Web Programming course and am using Tomcat 6 for the
servlet/jsp portion of the course. I have created a context for each
student
in the server.xml file and it seems to work pretty good but if a student
modifies the web.xml file in
Hi,
I'm very new to Tomcat and web server stuff but have been asked to set up
multiple instances of Tomcat on one server to talk to some database servers.
I've found the existing documentation a little confusing (sorry) and was
wondering if anyone would be able either to give me step-by-step
Hi Cristopher,
I was also under the impression that I had to use a
connector (mod_jk?) but this wasn't hugely clear to me.
You only need mod_jk if you want to connect Apache to Tomcat. If you are
using Tomcat as standalone server, only configure Tomcat.
The most important configuration file
Chris (Garwood),
I need to set up multiple instances
of Tomcat, one for each web front end so that each front end can talk to
its respective database.
As someone else on the the list mentioned, you can probably run a single
instance of Tomcat with multiple contexts (webapps) defined. It's not
From: Carl T. Dreher [mailto:[EMAIL PROTECTED]
Subject: How use the archives and a TomCat config question
I found the archives for this list, but it consists of about
14K messages and no search mechanism.
Try this one:
http://marc.theaimsgroup.com/?l=tomcat-userr=1w=2
The search
Carl T. Dreher wrote:
snip
I'm sure this has been answered before, but as I said, the archives
aren't much use. (By the way, it took me TWO DAYS to successfully
subscribe to this list. The TomCat site has links to pages that list a
variety of mailings lists. Every one I tried before this
I did notice that http://tomcat.apache.org/faq/tomcatuser.html could use some
cleaning. I'll try fix that soon. (Unless someone beats me too it)
-Tim
Mark Thomas wrote:
Carl T. Dreher wrote:
snip
I'm sure this has been answered before, but as I said, the archives
aren't much use. (By the
34 matches
Mail list logo