Email Rejected: Unknown or disallowed attachment type
From: Remy Maucherat [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Date: Thu, 09 Jan 2003 10:53:50 +0100
Subject: Re: Duplicate session IDs are *common*

Schnitzer, Jeff wrote:

> For whatever reason, be it the seed algorithm or the hashing algorithm or something else that degenerates the randomness - the duplicate session ID problem is very, very common. I discovered this problem because a few of our users suddenly found themselves with the sessions from administrative accounts. Luckily they alerted us instead of causing mayhem.
>
> There were at least three separate occasions of this in the last week - that we heard about. We have also seen this a number of times with other game components - users suddenly finding themselves logged in as other people. It probably explains the recent post to tomcat-user included below. Here at my company this problem caused about as much panic as a wildfire breaking out in the machine room (read: LOTS). I humbly suggest raising the level of concern a bit; post a security bulletin, etc.

We have to make sure the problem is real before putting out any advisory. You should patch the ManagerBase class to the latest version to see if it helps (compile the latest version, and put it in $CATALINA_HOME/server/classes/org/apache/catalina/session). A compiled version is attached to this email if you can't get it easily.

However:

- We did not have any reports before 4.1.18 that the algorithm used was weak; it was actually believed it was not, and it had been around for a long time (I do not believe it was touched at all for months).
- An MD5 hash occurs after getting the SecureRandom. This looks like a mistake, and decreases the quality of the random a lot, but given the quality of MD5, that shouldn't be noticeable in the real world.
- If collisions *do* actually happen, then it is a security problem and the patch to the StandardManager should fix it. However, it would also indicate that the ids generated can likely be guessed by an attacker, so we also have to fix the algorithm.

Remy

Attachment: ManagerBase.class (application/octet-stream)
FOR ANTI-VIRUS SECURITY, THIS EMAIL HAS BEEN REJECTED. REASON: THIS EMAIL CONTAINED AN ATTACHMENT TYPE OF '.class' WHICH IS NOT PERMITTED.
Email Rejected: Unknown or disallowed attachment type
From: Bradley M. Handy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 10 Jan 2003 18:06:02 -0500
Subject: JNDIRealm feature enhancements

After setting up a JNDIRealm for the Manager app, I noticed after a while the connection times out and returns NULL automatically.

I was wondering if, instead of returning NULL, JNDIRealm could try to reconnect and then authenticate, and then return NULL if a failure results from that attempt, otherwise return the JNDIRealm.User object.

Also, I've noticed there is no method for specifying an alternate connection URL in the event the URL specified in connectionURL is not available. So, I took the liberty of adding an attribute alternateURL to specify a secondary URL. When the JNDIRealm opens a connection it will attempt the primary, and, upon failure, then attempt to connect to the alternate URL. If this should fail, the JNDIRealm fails as it did before.

In both features the first exception is logged before the second attempt to connect proceeds.

I have attached the CVS diff between my copy of JNDIRealm and the current HEAD version of JNDIRealm.

Brad Handy
Programmer/Analyst
Spring Arbor University
Email Rejected: Unknown or disallowed attachment type
From: Phil Steitz [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Date: Sun, 12 Jan 2003 16:03:35 -0700
Subject: Re: Duplicate session IDs are *common*[GFI-T105-3E21F8D3D7B6FFDE]

Costin Manolache wrote:

> Could you make a small modification and run the same test with 20 concurrent threads? I checked the code and we have plenty of syncs, but you never know.

OK -- for this I went to the horse's (or maybe I should say, cat's) mouth with the same result -- collisions still look very unlikely. Here is what I did (using unpatched tomcat 4.1.18, Sun's linux JDK 1.3.1_03):

1. Put a jsp that does nothing but get a session and then invalidate it (sessionTest.jsp) in /webapps/examples;
2. Set up a jmeter test with 20 threads, no delay, hitting sessionTest.jsp 500 times each (SessionTest.jmx);
3. grep 'Created' localhost_examples_log.date.txt > sessions.txt;
4. Run DispersionCheck.java (attached) to grab the generated session IDs from sessions.txt and do the comparisons as before.

Output is attached as DispersionCheckOut.txt. Note that among the 199,990,000 pairs of session ID's examined, none agreed in more than 13 of 32 hex digits.

BTW, I noticed that in my original tests, I was only comparing the first half of the strings (forgot that the hex conversion doubles the length - DOH!). I have attached a corrected version of the standalone program DispersionCheck.java that does all of the comparisons and compares the distribution to B(32,1/16) instead of B(16,1/16). Results are as expected.

-Phil

> I did check the code and it looks ok - plenty of synchronized() blocks. But who knows?

If there is a problem, it could be protection, not just synchronization (which just guarantees serialization). I notice that the valid flag is used to protect sessions from being updated while they are expiring, etc. I posted a (probably insignificant) bug report a couple of weeks ago (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15746) indicating that a session being recycled could in theory have attributes added by other threads still holding references to it between the time that its attributes are cleared and when its isValid flag is set to false. The result would be that a dirty session would be reused. I have been trying to make this (or other similar things) happen using jmeter tests to no avail; but I will keep trying.

> Costin

Attachment: SessionTest.jmx (text/plain)
FOR ANTI-VIRUS SECURITY, THIS EMAIL HAS BEEN REJECTED. REASON: THIS EMAIL CONTAINED AN ATTACHMENT TYPE OF '.jmx' WHICH IS NOT PERMITTED.
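The pairwise comparison described in the message above, as an added example: this is not the DispersionCheck.java attached to that message, which the archive does not preserve. It assumes IDs are produced the way the thread describes (SecureRandom bytes passed through MD5, then hex-encoded to 32 digits), generates a constructed sample in-process instead of reading sessions.txt, and compares the agreement counts to B(32, 1/16); the class and method names are hypothetical.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

// Added example; class and method names are hypothetical, not Tomcat's.
public class SessionIdDispersion {
    static final int DIGITS = 32;        // 16 MD5 bytes -> 32 hex digits
    static final double P = 1.0 / 16.0;  // chance two independent hex digits agree

    // Assumed scheme from the thread: SecureRandom bytes -> MD5 -> hex string.
    static String newId(SecureRandom rng, MessageDigest md5) {
        byte[] raw = new byte[16];
        rng.nextBytes(raw);
        StringBuilder sb = new StringBuilder(DIGITS);
        for (byte b : md5.digest(raw)) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Number of positions at which two IDs carry the same hex digit.
    static int agreements(String a, String b) {
        int n = 0;
        for (int i = 0; i < DIGITS; i++) if (a.charAt(i) == b.charAt(i)) n++;
        return n;
    }

    // B(n, p) probabilities via pmf[k] = pmf[k-1] * (n-k+1)/k * p/(1-p).
    static double[] binomialPmf(int n, double p) {
        double[] pmf = new double[n + 1];
        pmf[0] = Math.pow(1 - p, n);
        for (int k = 1; k <= n; k++) pmf[k] = pmf[k - 1] * (n - k + 1) / k * p / (1 - p);
        return pmf;
    }

    public static void main(String[] args) throws Exception {
        int count = 2000;  // constructed sample size; a real run would load logged IDs
        SecureRandom rng = new SecureRandom();
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        String[] ids = new String[count];
        Set<String> seen = new HashSet<>();
        int duplicates = 0;
        for (int i = 0; i < count; i++) {
            ids[i] = newId(rng, md5);
            if (!seen.add(ids[i])) duplicates++;  // an exact collision
        }

        long[] observed = new long[DIGITS + 1];
        int max = 0;
        for (int i = 0; i < count; i++) {
            for (int j = i + 1; j < count; j++) {
                int k = agreements(ids[i], ids[j]);
                observed[k]++;
                if (k > max) max = k;
            }
        }

        long pairs = (long) count * (count - 1) / 2;
        double[] pmf = binomialPmf(DIGITS, P);
        System.out.printf("%d IDs, %d pairs, %d exact duplicates, max agreement %d of %d%n",
                count, pairs, duplicates, max, DIGITS);
        System.out.println("matches   observed   expected");
        for (int k = 0; k <= max + 1 && k <= DIGITS; k++) {
            System.out.printf("%7d %10d %10.1f%n", k, observed[k], pairs * pmf[k]);
        }
    }
}
```

An exact duplicate, or observed counts in the upper tail well above the expected column, would point at the generator itself rather than at session handling.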
[ERR] DO NOT REPLY [Bug 20663] - Cannot shutdown Tomcat gracefully
Transmit Report: To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])

---BeginMessage---
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20663
Cannot shutdown Tomcat gracefully

--- Additional Comments From [EMAIL PROTECTED] 2003-07-25 07:28 ---
workaround for those who are not scripting experts like myself:

killTomcat.sh

    #!/bin/sh
    list=`ps -ef | grep jakarta-tomcat | grep -v grep | awk '{ print $2}'`
    for i in $list
    do
    kill -9 $i
    done
---End Message---
[ERR] Tomcat 5
Transmit Report: To: [EMAIL PROTECTED], 402 Local User Inbox Full ([EMAIL PROTECTED])

---BeginMessage---
Hi Sirs,

I have installed Tomcat 5 in my system and I try to run one simple JSTL jsp page, some error has come. Please help me to give one solution to this. Please send the help file for configuring Tomcat 5 to run JSTL. The error is

org.apache.jasper.JasperException: The absolute uri: http://java.sun.com/jstl/core_rt cannot be resolved in either.

The code is

    <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
    <html>
    <body>
    You sent the following request headers:
    <p/>
    <table border="1">
    <tr> <th> Header </th> <th> Value </th> </tr>
    <c:forEach var="entry" items="${header}">
    <tr> <td> ${entry.key} </td> <td> ${entry.value} </td> </tr>
    </c:forEach>
    </table>
    </body>
    </html>

Regards
Sheejo
---End Message---
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter

The message contained the following information:
Subject: Re: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev
From: [EMAIL PROTECTED]
Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED]

The following information details the events that prevented delivery of this message:
Event: Content filtered
Details: Content within this message was disallowed.
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter

The message contained the following information:
Subject: RE: [5.next] Progress, more ideas and native connector benchmarks
From: [EMAIL PROTECTED]
Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED]

The following information details the events that prevented delivery of this message:
Event: Content filtered
Details: Content within this message was disallowed.
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter

The message contained the following information:
Subject: RE: Simple Sticky LB WAS: Invitation to HTTPD commiters in tomcat-dev
From: [EMAIL PROTECTED]
Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED]

The following information details the events that prevented delivery of this message:
Event: Content filtered
Details: Content within this message was disallowed.
GWAVA Sender Notification (Content filter)
A message sent by you was blocked by GWAVA - Content protection for Novell GroupWise. The message was blocked for the following reason(s): Content filter

The message contained the following information:
Subject: Re: [5.next] Progress, more ideas and native connector benchmarks
From: [EMAIL PROTECTED]
Recipient(s): [No To Addresses] [No Cc Addresses] [EMAIL PROTECTED]

The following information details the events that prevented delivery of this message:
Event: Content filtered
Details: Content within this message was disallowed.