Email Rejected: Unknown or disallowed attachment type
Received: from [198.76.25.3] (HELO nns.voyanttech.com) by voyanttech.com (CommuniGate Pro SMTP 3.4b3) with SMTP id 3409719 for [EMAIL PROTECTED]; Thu, 09 Jan 2003 03:57:23 -0700 Received: from exchange.sun.com (exchange.sun.com [192.18.33.10]) by nns.voyanttech.com (8.9.3+Sun/8.9.3) with SMTP id EAA06234 for [EMAIL PROTECTED]; Thu, 9 Jan 2003 04:45:32 -0500 (EST) Received: (qmail 26016 invoked by uid 97); 9 Jan 2003 10:58:34 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Id: Tomcat Developers List tomcat-dev.jakarta.apache.org Reply-To: Tomcat Developers List [EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 26004 invoked by uid 98); 9 Jan 2003 10:58:33 - X-Antivirus: nagoya (v4218 created Aug 14 2002) Message-ID: [EMAIL PROTECTED] Date: Thu, 09 Jan 2003 10:53:50 +0100 From: Remy Maucherat [EMAIL PROTECTED] Organization: ASF User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2) Gecko/20021126 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: Duplicate session IDs are *common* References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary=060506040306030306060400 X-Spam-Rating: localhost.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N --060506040306030306060400 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Schnitzer, Jeff wrote: For whatever reason, be it the seed algorithm or the hashing algorithm or something else that degenerates the randomness - the duplicate session ID problem is very, very common. I discovered this problem because a few of our users suddenly found themselves with the sessions from administrative accounts. Luckily they alerted us instead of causing mayhem. There were at least three separate occasions of this in the last week - that we heard about. We have also seen this a number of times with other game components - users suddenly finding themselves logged in as other people. It probably explains the recent post to tomcat-user included below. Here at my company this problem caused about as much panic as a wildfire breaking out in the machine room (read: LOTS). I humbly suggest raising the level of concern a bit; post a security bulletin, etc. We have to make sure the problem is real before putting out any advisory. You should patch the ManagerBase class to the latest version to see if it helps (compile the latest version, and put it in $CATALINA_HOME/server/classes/org/apache/catalina/session). A compiled version is attached to this email if you can't get it easily. However: - We did not have any reports before 4.1.18 that the algorithm used was weak; it was actually believed it was not, and it had been around for a long time (I do not believe it was touched at all for months). - A MD5 hash occurs after getting the SecureRandom. This looks like a mistake, and decreases the quality of the random a lot, but given the quality of MD5, that shouldn't be noticeable in the real world. - If collisions *do* actyually happen, then it is a security problem and the patch to the StandardManager should fix it. However, it would also indicate that the ids generated can likely be guessed by an attacker, so we also have to fix the algorithm. Remy --060506040306030306060400 Content-Type: application/octet-stream; name=ManagerBase.class Content-Transfer-Encoding: base64 Content-Disposition: attachment; FOR ANTI-VIRUS SECURITY, THIS EMAIL HAS BEEN REJECTED. REASON: THIS EMAIL CONTAINED AN ATTACHMENT TYPE OF '.class' WHICH IS NOT PERMITTED. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Email Rejected: Unknown or disallowed attachment type
Received: from [198.76.25.3] (HELO nns.voyanttech.com)
by voyanttech.com (CommuniGate Pro SMTP 3.4b3)
with SMTP id 3430066 for [EMAIL PROTECTED]; Fri, 10 Jan 2003 16:06:16 -0700
Received: from exchange.sun.com (exchange.sun.com [192.18.33.10])
by nns.voyanttech.com (8.9.3+Sun/8.9.3) with SMTP id QAA26144
for [EMAIL PROTECTED]; Fri, 10 Jan 2003 16:54:21 -0500 (EST)
Received: (qmail 28659 invoked by uid 97); 10 Jan 2003 23:07:29 -
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Unsubscribe: mailto:[EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]
List-Help: mailto:[EMAIL PROTECTED]
List-Post: mailto:[EMAIL PROTECTED]
List-Id: Tomcat Developers List tomcat-dev.jakarta.apache.org
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
Delivered-To: mailing list [EMAIL PROTECTED]
Received: (qmail 28643 invoked by uid 98); 10 Jan 2003 23:07:28 -
X-Antivirus: nagoya (v4218 created Aug 14 2002)
From: Bradley M. Handy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: JNDIRealm feature enhancements
Date: Fri, 10 Jan 2003 18:06:02 -0500
Message-ID: 000a01c2b8fc$d8a77e00$[EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary==_NextPart_000_000B_01C2B8D2.EFD17600
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Virus-Scanned: by AMaViS perl-10
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
--=_NextPart_000_000B_01C2B8D2.EFD17600
Content-Type: multipart/alternative;
boundary==_NextPart_001_000C_01C2B8D2.EFD17600
--=_NextPart_001_000C_01C2B8D2.EFD17600
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
After setting up a JNDIRealm for the Manager app, I noticed after a
while the connection times out and returns NULL automatically. I was
wondering, if instead of returning NULL, JNDIRealm to try to reconnect
and then authenticate, and then return NULL, if a failure results from
that attempt, otherwise return the JNDIRealm.User object.
Also I've notice there is no method for specifying an alternate
connection URL in the event the URL specified in connectionURL is not
available. So, I took the liberty of adding an attribute alternateURL
to specify a secondary URL. When the JNDIRealm opens a connection it
will attempt the primary, and, upon failure, then attempt to connect to
the alternate URL. If this should fail, the JNDIRealm fails as it did
before.
In both features the first exception is logged before the second attempt
to connect proceeds.
I have attached the CVS diff between my copy of JNDIRealm and the
current HEAD version of JNDIRealm.
Brad Handy
Programmer/Analyst
Spring Arbor University
--=_NextPart_001_000C_01C2B8D2.EFD17600
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
html xmlns:o=3Durn:schemas-microsoft-com:office:office =
xmlns:w=3Durn:schemas-microsoft-com:office:word =
xmlns=3Dhttp://www.w3.org/TR/REC-html40;
head
META HTTP-EQUIV=3DContent-Type CONTENT=3Dtext/html; =
charset=3Dus-ascii
meta name=3DProgId content=3DWord.Document
meta name=3DGenerator content=3DMicrosoft Word 10
meta name=3DOriginator content=3DMicrosoft Word 10
link rel=3DFile-List href=3Dcid:[EMAIL PROTECTED];
!--[if gte mso 9]xml
o:OfficeDocumentSettings
o:DoNotRelyOnCSS/
/o:OfficeDocumentSettings
/xml![endif]--!--[if gte mso 9]xml
w:WordDocument
w:SpellingStateClean/w:SpellingState
w:GrammarStateClean/w:GrammarState
w:DocumentKindDocumentEmail/w:DocumentKind
w:EnvelopeVis/
w:Compatibility
w:BreakWrappedTables/
w:SnapToGridInCell/
w:ApplyBreakingRules/
w:WrapTextWithPunct/
w:UseAsianBreakRules/
/w:Compatibility
w:BrowserLevelMicrosoftInternetExplorer4/w:BrowserLevel
/w:WordDocument
/xml![endif]--
style
!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:;
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Times New Roman;
mso-fareast-font-family:Times New Roman;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.EmailStyle17
{mso-style-type:personal-compose;
mso-style-noshow:yes;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Arial;
mso-ascii-font-family:Arial;
mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial;
color:windowtext;}
span.SpellE
{mso-style-name:;
mso-spl-e:yes;}
span.GramE
{mso-style-name:;
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
Email Rejected: Unknown or disallowed attachment type
Received: from [198.76.25.3] (HELO nns.voyanttech.com) by voyanttech.com (CommuniGate Pro SMTP 3.4b3) with SMTP id 3436537 for [EMAIL PROTECTED]; Sun, 12 Jan 2003 16:04:42 -0700 Received: from exchange.sun.com (exchange.sun.com [192.18.33.10]) by nns.voyanttech.com (8.9.3+Sun/8.9.3) with SMTP id QAA08225 for [EMAIL PROTECTED]; Sun, 12 Jan 2003 16:52:44 -0500 (EST) Received: (qmail 25756 invoked by uid 97); 12 Jan 2003 23:05:56 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Post: mailto:[EMAIL PROTECTED] List-Id: Tomcat Developers List tomcat-dev.jakarta.apache.org Reply-To: Tomcat Developers List [EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 25742 invoked by uid 98); 12 Jan 2003 23:05:55 - X-Antivirus: nagoya (v4218 created Aug 14 2002) Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. Message-ID: [EMAIL PROTECTED] Date: Sun, 12 Jan 2003 16:03:35 -0700 From: Phil Steitz [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020408 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List [EMAIL PROTECTED] Subject: Re: Duplicate session IDs are *common*[GFI-T105-3E21F8D3D7B6FFDE] References: [EMAIL PROTECTED] [EMAIL PROTECTED] 01cf01c2b9d6$f43cf250$[EMAIL PROTECTED] avr7o5$m1r$[EMAIL PROTECTED] Content-Type: multipart/mixed; boundary=080606090209080902030004 X-OriginalArrivalTime: 12 Jan 2003 23:03:35.0647 (UTC) FILETIME=[D5E4F6F0:01C2BA8E] X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N --080606090209080902030004 Content-Type: text/plain; format=flowed; charset=us-ascii Content-Transfer-Encoding: 7bit Costin Manolache wrote: Could you make a small modification and run the same test with 20 concurent threads ? I checked the code and we have plenty of syncs, but you never know. OK -- for this I went to the horse's (or maybe I should say, cat's) mouth with the same result -- collisions still look very unlikely. Here is what I did (using unpatched tomcat 4.1.18, Sun's linux JDK 1.3.1_03): 1. Put a jsp that does nothing but get a session and then invalidate it (sessionTest.jsp) in /webapps/examples; 2. Set up a jmeter test with 20 threads, no delay, hitting sessionTest.jsp 500 times each (SessionTest.jmx); 3. grep 'Created' localhost_examples_log.date.txt sessions.txt; 4. Run DispersionCheck.java (attached) to grab the generated session IDs from sessions.txt and do the comparisons as before. Output is attached as DispersionCheckOut.txt. Note that among the 199,990,000 pairs of session ID's examined, none agreed in more than 13 of 32 hex digits. BTW, I noticed that in my original tests, I was only comparing the first half of the strings (forgot that the hex conversion doubles the length - DOH!). I have attached a corrected version of the standalone program DispersionCheck.java that does all of the comparisons and compares the distribution to B(32,1/16) instead of B(16,1/16). Results are as expected. -Phil I did check the code and it looks ok - plenty of synchronized() blocks. But who knows ? If there is a problem, it could be protection, not just synchronization (which just guarantees serialization). I notice that the valid flag is used to protect sessions from being updated while they are expiring, etc. I posted a (probably insignificant) bug report a couple of weeks ago (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15746) indicating that a session being recycled could in theory have attributes added by other threads still holding references to it between the time that its attributes are cleared and when its isValid flag is set to false. The result would be that a dirty session would be reused. I have been trying to make this (or other similar things) to happen using jmeter tests to no avail; but I will keep trying. Costin --080606090209080902030004 Content-Type: text/plain; name=SessionTest.jmx Content-Transfer-Encoding: 7bit Content-Disposition: inline; FOR ANTI-VIRUS SECURITY, THIS EMAIL HAS BEEN REJECTED. REASON: THIS EMAIL CONTAINED AN ATTACHMENT TYPE OF '.jmx' WHICH IS NOT PERMITTED. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[ERR] DO NOT REPLY [Bug 20663] - Cannot shutdown Tomcat gracefully
Transmit Report:
To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])
---BeginMessage---
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663
Cannot shutdown Tomcat gracefully
--- Additional Comments From [EMAIL PROTECTED] 2003-07-25 07:28 ---
workaround for those who are not scripting experts like myself: killTomcat.sh
#!/bin/sh
list=`ps -ef | grep jakarta-tomcat | grep -v grep | awk '{ print $2}'`
for i in $list
do
kill -9 $i
done
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---End Message---
[ERR] Tomcat 5
Transmit Report:
To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])
---BeginMessage---
Hi Sirs,
I have installed Tomcat 5 in my system and I try to run one simple JSTL jsp page, some
error has come. Please help me to give one solution to this.Please send the help file
for configuring Tomcat 5 to run JSTL..The error is org.apache.jasper.JasperException:
The absolute uri: http://java.sun.com/jstl/core_rt cannot be resolved in either.
The code is
%@ taglib uri=http://java.sun.com/jstl/core_rt; prefix=c %
html
body
You sent the following request headers:
p/
table border=1
tr
th
Header
/th
th
Value
/th
/tr
c:forEach var=entry items=${header}
tr
td
${entry.key}
/td
td
${entry.value}
/td
/tr
/c:forEach
/table
/body
/html
Regards
Sheejo
-
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software---End Message---
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:RE: [5.next] Progress, more ideas and native connector benchmarks From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:RE: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: [5.next] Progress, more ideas and native connector benchmarks From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter The message contained the following information: Subject:Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev From:[EMAIL PROTECTED] Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED] The following information details the events that prevented delivery of this message: EventDetails Content filtered Content within this message was disallowed. inline: gwava.jpeg- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
