-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Karen,
On 5/14/19 07:45, Karen Goh wrote: > On Tue, 5/14/19, Christopher Schultz <ch...@christopherschultz.net> > wrote: On 5/11/19 22:39, Karen Goh wrote: >> Currently, I am uploading a new .war file up to my hosting >> company. >> >>> However, I am puzzled how things work and would like to check >>> what is the norm out there. They are using httpd apache server >>> and tomcat.>> Basically, I have subscribed a private Tomcat >>> server so I get an instance of Tomcat server - 8.0.27. > >> That version is no longer supported by the "vendor" (Apache). You >> should tell your hosting company that you want a supported >> version if they are going to charge you for it :) > > May I know what version should I go for ? I would ask for 8.5.40 (or close) or 9.0.19 (or close). Those are the two currently support versions undergoing active development. Tomcat 7.0.x is still supported, but not much work is being done there anymore. >> What kind of access do you have for the server? If you have shell >> access, you can probably get the logs. Using System.out.println >> is not a great idea as it's pretty inflexible. It's better to use >> a "proper" logging system where you can specify the log file >> name, etc. > > I do have access to the Catalina log. Good. > The technical support guy just told me that they have put in the > logging jar for me in their Tomcat server! That shouldn't be necessary. System.out.println usually goes to catalina.out, so you should already be all set. It's possible to redirect it on a per-context basis, but then it just goes into another file, also in the logs/ directory. Do you have any other log files in there alongside catalina.out? >> If you are using container-managed authentication (which is what >> Tomcat Realms provide), then you have to trust the hosting >> provider. There is no way to prevent the hosting provider from >> seeing any secrets you have in that configuration. > > I am now mulling if I should use JWT. In this case, I can skip > the Realm configuration in tomcat right ? I have no experience with JWT. But if you don't trust your hosting provider, how can you trust them not to intercept your traffic, look at your databases, etc.? Your realm configuration is the least of your worries. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlza7p0ACgkQHPApP6U8 pFjFuRAAuxbPAYClfZ24LuVwgWG4xlfAYww1ni7SPFr2wPXbUcQgB0ThPzYAegL6 3gA4Lzbx6u+ZTfVHdZr8AYCkudf0oBh9UoLU/7DHQTtgchsyUCVkIS3dNILlJlR0 4MG21YWcFNzzEIQ+N1jsupLZoojyd+vbzKdyNjCdPKzWbF3XVSfK8vhn+PEOGQPV eECPXtLslZqyiFpUHNBZm/lnnXvlH/3qV0Mjqe4GWSVS33NGAdJQRIWvQjxKi3rY TnBLspyb0PFUWZo4OwVTa8bkM7MLsMn6RhdrPWy1vIl34Jy8GkS+azO5MgYjVpCZ VWb+tFHNP4hcnFii0JsX5q5Ugb+F8WhugjzTvbJiQ0Rq9xCO0NRVcF6GJxnoD9NI 8EkB/uHfwI0DJCDl33azl8CoomNQ0Btnf+yIMNi4MVux8H76dXjzUDne1gASmNgi zuO/rDLSQ+0f4f1tflZV89KiwXvSMea3dNw9tRQ2vKQ0kdhp8fQ/oF7QHFURjFeM +OEWKfIz+DEmCbI20TqENutTLFb6YeTpVDVkiB2uih1LoXMkccoZFOgKKYARJDev x0qw3AX/PhHTPtBIaokJAQT1fWTcboD4FHHHLiQ8FpKTAjPHFzkOwoSUFEsiAXYM M3mdX40l5TrPnBvYRHons8gvVlmfIgA0p+1sbD0ngOpDEd7iA4k= =/ZG2 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org