Re: [OT] programming style or mental process ?
> >
> > In your case, with a function call, this wouldn't make a difference
> > "if(request.getCharacterEncoding() = null)" would be illegal syntax as
> > well, but "if(someObject = null)" is perfectly legal, but doesn't
> > express the author's intent clearly: Is it a smart person who's taking a
> > shortcut, or a newbie using the wrong operator?
> >
> > Let the seasoned programmer who's never made that same mistake throw the
> first stone.
> I think I never did that mistake. Or at least, I didn't realize it.
Re: [ANN] New committer: Woonsan Ko
Congratulations Woonsan! Keep up the good work!

Regards,
Zala

On Wed, Dec 19, 2018 at 10:56 AM Mark Thomas wrote:
> On behalf of the Tomcat committers I am pleased to announce that
> Woonsan Ko (woonsan) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark

--
I don't only love my life, but also that of others. (Blade Runner)
Re: [ANN] New committer: Igal Sapir
Well done! Congratulations!

Regards,
Zala

On Fri, May 25, 2018 at 12:38 PM, Felix Schumacher <felix.schumac...@internetallee.de> wrote:
> Congrats,
> Felix
>
> On 24 May 2018 at 21:09:06 CEST, Mark Thomas wrote:
> >On behalf of the Tomcat committers I am pleased to announce that
> >Igal Sapir (isapir) has been voted in as a new Tomcat committer.
> >
> >Please join me in welcoming him.
> >
> >Regards,
> >
> >Mark
Re: [OT] MoSkito (was: ApacheCon anyone?)
On Sat, May 13, 2017 at 4:29 PM, Mark Thomas wrote:
> On 13 May 2017 08:09:38 BST, "Igal @ Lucee.org" wrote:
> > Leon,
> >
> > On 5/12/2017 3:32 PM, Leon Rosenberg wrote:
> > > Yeah, strange isn't it? Unfortunately I haven't submitted and my decision
> > > to come to apache con was rather spontaneous... But, know what Chris?
> > > You'll be there, I'll be there and my notebook will be there too, so you
> > > can have a private presentation anytime you want ;-))) And everyone else
> > > who's interested too ;-) So how about MoSkito-private-hour? ;-)
> >
> > I've heard of MoSkito for the first time from this thread, and it seems
> > very interesting.
> >
> > It'd be great if you can post a video of such private presentation
> > online (thus making it not-so-private-anymore), for those of us who can
> > not attend ApacheCon.
>
> If there is interest, and Leon has the time, we can set up a webinar.
>
> Mark

I'd really like to attend!

Zala
Re: [ANN] New committer: Michael Osipov
On Mon, May 8, 2017 at 3:52 PM, Christopher Schultz <ch...@christopherschultz.net> wrote:
> Michael,
>
> On 5/8/17 4:08 AM, Mark Thomas wrote:
> > On behalf of the Tomcat committers I am pleased to announce that
> > Michael Osipov (michaelo) has been voted in as a new Tomcat
> > committer.
> >
> > Please join me in welcoming him.

Congratulations!
Re: [ANN] New committer: Emmanuel Bourg
My heartfelt congratulations!

On 20 Jan 2017 at 18:12, "Mark Thomas" wrote:
> On behalf of the Tomcat committers I am pleased to announce that
> Emmanuel Bourg (ebourg) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Regards,
>
> Mark
Re: “Virtual hosting” with port removed?
Good evening,

If you use Tomcat alone (without Apache or any other web servers), you'll have to find a way to have it listen on the port 80 (there are some of them available on the web). Because Tomcat uses the port 8080 by default. In such a situation, you can't remove the port number: no port number in the address bar means port 80!

And as you use MacOS X, which is a Unix derivative, you can't just modify Tomcat's server.xml and ask it to use the port 80: on Unix, port numbers < 1024 are reserved and a program needs the root privileges to bind to them.

One more thing: any Tomcat distribution is able to set up a virtual host, so you should definitely use the plain-vanilla Tomcat available officially.

Regards,
Pierre

On Mon, Feb 2, 2015 at 12:22 AM, Micky Hulse mickyhu...@gmail.com wrote:
> Thanks for the tips Hassan! I really appreciate it!
>
> I'll follow your suggestions and take another stab at it. I'll post back here with my results.
>
> On Feb 1, 2015, at 2:46 PM, Hassan Schroeder hassan.schroe...@gmail.com wrote:
> > Why? Download the real thing, untar, done. No questions about packaging issues. Who knows what this thing does?
>
> Good point! Silly question: Will the real thing allow me to set up a vhost like in Apache2?
>
> > OK, is your problem with httpd or Tomcat? Is httpd responding to your request for 'http://tomcat.local/'?
>
> I was able to get tomcat.local to work, but not without the port.
>
> > If so, then why aren't you proxying everything to Tomcat? You don't need to proxy every app individually, and you're not proxying ROOT at all. Your gists and your stated goals seem at cross purposes...
>
> Sorry about that. I copied where I left off. I had tried many variations of the code you see (with and without app specified). Anyway, I apologize for the confusion I created.
>
> I'll be back!

--
If the blood does not run hot enough in your veins, I will spill it on the sand so that it boils in the sun.
Re: “Virtual hosting” with port removed?
Ho, just to be sure: never ever launch Tomcat with root privileges. Right? :-)
Re: Feature suggestion: excludeCiphers
Thanks, man! It's really helpful!

On Thu, Nov 13, 2014 at 5:43 PM, Glen Peterson g...@organicdesign.org wrote:
> Thank you Mark - that works great! That feature suggestion is not needed after all.
>
> I found two places where the Tomcat 8 documentation could be more helpful. I would be happy to do the following updates if I'm allowed:
>
> 1. I didn't see ciphers on this page at all (maybe it should be renamed TLS-howto in a post-POODLE world?): http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
>
> 2. The ciphers section here doesn't mention that it accepts the OpenSSL syntax: http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html
>
> This page has a helpful description of the syntax (what I used to learn it today): https://www.openssl.org/docs/apps/ciphers.html
>
> If you like the ciphers element below, you are welcome to paste it in the docs. For anyone interested, this is what I ended up with:
>
> ciphers="ALL:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!3DES:!TLS_RSA_WITH_AES_128_CBC_SHA256:!TLS_RSA_WITH_AES_128_CBC_SHA:!TLS_RSA_WITH_AES_128_GCM_SHA256:@STRENGTH"
>
> Maybe someone more familiar with OpenSSL options could do better, but this is working and should be forward-compatible because it eliminates weaker ciphers without specifying which stronger ones to use.
>
> Note that without specifying @STRENGTH (which means to sort in decreasing order by strength), nmap couldn't find TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 but Qualys did, so sorting seems to have some effect for certain clients. Even sorted like this, Qualys still reports that the server has no preference.
>
> Also note that the new configuration doesn't support IE8 on Windows XP, but we currently support IE8/Vista and forward. Qualys says IE7 on Vista still works, so presumably IE8 would work there too.
>
> On Thu, Nov 13, 2014 at 9:16 AM, Mark Thomas ma...@apache.org wrote:
> > On 13/11/2014 02:58, Glen Peterson wrote:
> > > Tomcat has been one of my favorite pieces of software for about a decade.
> > > Thanks to all your generous contributions it just keeps getting better! I appreciate the focus on security in Tomcat 8.
> > >
> > > Suggestion:
> > > ===========
> > > Instead of specifying allowed ciphers in the Connector node of server.xml, I'd like to specify disallowed/excluded ciphers so that as new, better cipher suites become available we won't have to do anything. Maybe an excludeCiphers attribute?
> >
> > You should be able to do this already in Tomcat 8 if you use the OpenSSL syntax.
> >
> > Mark
> >
> > > Background:
> > > ===========
> > > We're getting an 'A' on the Qualys TLS test with stand-alone Tomcat, which is pretty cool: https://www.ssllabs.com/ssltest/index.html
> > >
> > > Mostly, that's because of the following settings (in case this helps anyone):
> > >
> > > <Connector port="8443"
> > >     protocol="org.apache.coyote.http11.Http11NioProtocol"
> > >     maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
> > >     clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
> > >     compression="on" disableUploadTimeout="true"
> > >     connectionTimeout="18" URIEncoding="UTF-8"
> > >     keystorePass="notTheRealPassword"
> > >     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> > >     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> > >     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
> > >     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
> > >     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> > >     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> > >     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
> > >     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" />
> > >
> > > It seems like just a few years ago there were about 50 cipher suites to choose from. Now there are 12 that work with TLS. Eight of those have Forward Security (the 8 listed above). Presumably those eight will also become outdated over time and new ones will be added to replace them. The problem with specifying ciphers as above is that someone will have to know when and how to manually update the cipher list.
> > >
> > > With each upgrade of Java, we need to remember to do something like the following:
> > >
> > > - Delete the ciphers attribute
> > > - Restart tomcat
> > > - Test here: https://www.ssllabs.com/ssltest/index.html
> > > - Copy the list of cipher suites
> > > - Delete any that don't support Forward Security
> > > - Make a new ciphers attribute.
> > > - Verify that the browsers and devices we support will still work.
> > >
> > > To be honest, I'm not sure if that needs to be done with each Java patch release, or only when Java 9 comes out.
> > >
> > > If instead of specifying valid ciphers, I specified invalid ones, then the new ones would just flow through the system and become available without me doing anything!
> > >
> > > Thank you in advance for considering this suggestion.
> > >
> > > @GlenKPeterson
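Added example, not part of the thread: it expands the posted exclusion expression with Python's ssl module and lists any suites left without forward secrecy, which is the manual step the thread describes after each Java upgrade. Python binds to the local OpenSSL, used here as a stand-in for Tomcat's parser, so the suite list will differ from what a JVM offers; the `STRICT` string and the function names are assumptions of this example.

```python
import ssl

# Exclusion expression exactly as posted in the thread. The three
# TLS_RSA_WITH_* entries are JSSE-style names; an OpenSSL build that does
# not recognise a name skips that rule instead of failing.
POSTED = ("ALL:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!3DES:"
          "!TLS_RSA_WITH_AES_128_CBC_SHA256:!TLS_RSA_WITH_AES_128_CBC_SHA:"
          "!TLS_RSA_WITH_AES_128_GCM_SHA256:@STRENGTH")

# Assumption of this example: also exclude every static key exchange
# (plain RSA, PSK, SRP) so that only ephemeral key exchanges remain.
STRICT = POSTED.replace(":@STRENGTH", ":!kRSA:!PSK:!SRP:@STRENGTH")

# Key-exchange labels OpenSSL reports for ephemeral suites; TLS 1.3
# suites report "kx-any" and are always ephemeral.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}


def expand(expression):
    """Return the suites the local OpenSSL enables for this expression."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(expression)
    return ctx.get_ciphers()


def without_forward_secrecy(expression):
    """Names of enabled suites whose key exchange is not ephemeral."""
    return sorted(c["name"] for c in expand(expression)
                  if c["kea"] not in FORWARD_SECRET_KX)


if __name__ == "__main__":
    for label, expr in (("posted", POSTED), ("strict", STRICT)):
        suites = expand(expr)
        leftovers = without_forward_secrecy(expr)
        print(f"{label}: {len(suites)} suites enabled, "
              f"{len(leftovers)} without forward secrecy")
        for name in leftovers:
            print("   ", name)
```

Any name printed under "posted" is a suite that an exclusion-only list lets through on this OpenSSL build; the same audit is worth repeating against the running connector after a runtime upgrade.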
Re: [ANN] New committer: Felix Schumacher
Congratulations! You can be proud!

Regards,
Pierre

On Fri, Sep 19, 2014 at 9:49 AM, Rainer Jung rj...@apache.org wrote:
> On behalf of the Tomcat committers I am pleased to announce that Felix Schumacher (fschumacher) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Regards,
>
> Rainer

--
Life is a source of joy, death is a source of peace; only the transition is difficult.