RE: Upcoming Tomcat book...
Hi Rob, Adam et al. I think that its a good point that Adam could point us in the direction intended for the book. I know that the "book's target audience is web developers who will be using Tomcat", but if a more specific one could be pointed out would be very helpful. In case that the intended direction should be suggested by us (the future readers a.k.a. the target audience) I agree completely with Rob : I think either kind of book would be an excellent book. What I would hate to see is a book that's something of a mishmash in between -- not really about Tomcat, and not really about advanced issues of servlet/jsp development and deployment focused on Tomcat. Such a book might sell because a lot of people who buy technical books really have no idea what they're buying, but it would still not be a good book. In my particular position, I can allocate some time for a chapter review/reading or something in the style. I must admit that I'm not the best reviewer in the world, but as much eyes take a look the better. Cheers. -- Vctor A. Rodrguez ( http://www.bit-man.com.ar) Telefnica de Argentina - http://www.Telefonica.com.ar Tel. (54-11) 4333-7305 - Fax: (54-11) 4303-5586 int. 1680 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Upcoming Tomcat book...
Adam, I am a Technology Consultant (my programming skills are not very high), and many times the security related task are the less known to the programmers (how to catch and use a security contexts, safe programming, etc.). I think that a chapter devoted to security related tasks would be avery good idea. Cheers. -- Vctor A. Rodrguez ( http://www.bit-man.com.ar) Telefnica de Argentina - http://www.Telefonica.com.ar Tel. (54-11) 4333-7305 - Fax: (54-11) 4303-5586 int. 1680 -Mensaje original- De: Adam Fowler [mailto:[EMAIL PROTECTED]] Enviado el: Saturday, March 03, 2001 05:52 Para: [EMAIL PROTECTED] Asunto: Upcoming Tomcat book... Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as this book is meant to be for you people. If any Tomcat User Group(TUG) members wish to write user documentation for Tomcat (The 'paths' that have been discussed) then drop me an e-mail and maybe we can help each other. Regards, Adam. Adam Fowler Second year Computer Science undergraduate University of Wales, Aberystwyth Carroll College, WI, USA(2000-2001) web: http://gucciboy.dyndns.org/aff9 e-mail: [EMAIL PROTECTED] "Every new beginning comes from some other beginning's end" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Upcoming Tomcat book...
I second that. I am a Senior Java Developer, who is currently getting involved in Internet Security. There are a small number of security products in the market, but I think Tomcat is providing a fuller package than most of them. So if you include a chapter on Security that might enhance the image of Tomcat and open new markets to it. Ahmed. "Rodriguez Victor A." [EMAIL PROTECTED] wrote: Adam,I am a Technology Consultant (my programming skills are not very high), andmany times the security related task are the less known to the programmers(how to catch and use a security contexts, safe programming, etc.).I think that a chapter devoted to security related tasks would be avery goodidea.Cheers.-- Víctor A. Rodríguez ( http://www.bit-man.com.ar) Telefónica de Argentina - http://www.Telefonica.com.ar Tel. (54-11) 4333-7305 - Fax: (54-11) 4303-5586 int. 1680 -Mensaje original- De: Adam Fowler [mailto:[EMAIL PROTECTED]] Enviado el: Saturday, March 03, 2001 05:52 Para: [EMAIL PROTECTED] Asunto: Upcoming Tomcat book... Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as this book is meant to be for you people. If any Tomcat User Group(TUG) members wish to write user documentation for Tomcat (The 'paths' that have been discussed) then drop me an e-mail and maybe we can help each other. Regards, Adam. Adam Fowler Second year Computer Science undergraduate University of Wales, Aberystwyth Carroll College, WI, USA(2000-2001) web: http://gucciboy.dyndns.org/aff9 e-mail: [EMAIL PROTECTED] "Every new beginning comes from some other beginning's end" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] -To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, email: [EMAIL PROTECTED]Do You Yahoo!? Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail.
RE: Upcoming Tomcat book...
I've seen a lot of great ideas for material that Adam Fowler could or should cover in the Tomcat book he's writing for Sams Publishing. But a book, to really be a book, needs to have a focus and not many of the suggestions offered have really had much at all to do with Tomcat as a specific servlet container. Though I think the suggestion below is an excellent one, other than issues with using the security manager inside Tomcat, it's really a Java security specific topic. I grant that I would love to see a book that focused specifically on issues of security, authentication, encryption, etc, as they apply to servlets and jsp. Besides briefly covering the technologies themselves, such a book could go into where and when to apply individual technologies and why. What about session security? How does JAAS fit in? In a nutshell, how can we write network applications (in a servlet/jsp environment) that are secure. But such a book isn't about Tomcat. Things related to Tomcat are how does Tomcat fit into the other components of the Jakarta project? How do we install Tomcat to work in conjunction with Apache and make the two compliment each other? How do we embed Tomcat? How do we create new application contexts and what kinds of things can we do with them? There are several Tomcat based portals available -- how do we set them up? Etc. And maybe also put the servlet jsp specs as appendices. On the other hand, maybe the proposed book is really an advanced servlet/jsp handbook of sorts (heaven knows, we don't need yet another introductory book). In that case the book isn't really about Tomcat per se, even though most of the books examples, etc, will be based on Tomcat. Moreover, most all the suggestions offered so far with fit in such a book because the focus would really be on advanced servlet/jsp development and deployment. I think either kind of book would be an excellent book. What I would hate to see is a book that's something of a mishmash in between -- not really about Tomcat, and not really about advanced issues of servlet/jsp development and deployment focused on Tomcat. Such a book might sell because a lot of people who buy technical books really have no idea what they're buying, but it would still not be a good book. -- Rob --On Thursday, March 08, 2001 06:50:40 PM -0300 "Rodriguez Victor A." [EMAIL PROTECTED] wrote: Adam, I am a Technology Consultant (my programming skills are not very high), and many times the security related task are the less known to the programmers (how to catch and use a security contexts, safe programming, etc.). I think that a chapter devoted to security related tasks would be avery good idea. Cheers. -- Vctor A. Rodrguez ( http://www.bit-man.com.ar) Telefnica de Argentina - http://www.Telefonica.com.ar Tel. (54-11) 4333-7305 - Fax: (54-11) 4303-5586 int. 1680 -Mensaje original- De: Adam Fowler [mailto:[EMAIL PROTECTED]] Enviado el: Saturday, March 03, 2001 05:52 Para: [EMAIL PROTECTED] Asunto: Upcoming Tomcat book... Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as this book is meant to be for you people. If any Tomcat User Group(TUG) members wish to write user documentation for Tomcat (The 'paths' that have been discussed) then drop me an e-mail and maybe we can help each other. Regards, Adam. Adam Fowler Second year Computer Science undergraduate University of Wales, Aberystwyth Carroll College, WI, USA(2000-2001) web: http://gucciboy.dyndns.org/aff9 e-mail: [EMAIL PROTECTED] "Every new beginning comes from some other beginning's end" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED]
RE: Upcoming Tomcat book...
One thing I'd like to see in such a book is about how to embed tomcat in other applications (discuss the pros and cons of EmbededTomcat vs. regular Tomcat). Regards, Stefan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RE: Upcoming Tomcat book...
A couple of things I would like to see in a book (and seems to have never been covered before): 1. How to structure large servlet applications (Data model). 2. Scalable/fail safe servlet applications. i.e. Our application is accessing a database of up to 100Gb and we cache all of our data in the memory of the VM rather than reading the DB for every request. The VM can only handle 2Gb, but in reality should hold 500Mb or less. The data model is very complex and is very sophisticated. We have features such as lazy writing where it updates the record in memory, but doesn't send the changes to the database immediately; early reading where we do a big SQL select in replacement of lots of small SQL selects and cache the result set until ready to build our internal data model. We are less concerned with performance in our application because the real limit is the amount of memory the VM is currently using (50 users are likely to be using 250Mb), therefore concurrent users aren't going to cause a large amount of performance issues, but could potentially cause memory problems. As the data is loaded in several separate VM's fail safety became a problem, but has been sufficiently resolved for our app. Also data that needs to be shared between instances of the VM is very difficult. We have had to broadcast to the other VM's that a particaular record is now invalid and the next time it is used it goes back to the DB. We have had consultancy from IBM on these issues and we wanted to find another company and books to help us as well, but we have failed so far. By the way if anyone knows of a consultancy company that has had experience of projects like this please forward their details to me. If you want to discuss the issues we have resolved and how we have done it; or discuss the issues that still remain EMail me. Dave. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Upcoming Tomcat book...
Rob et al.-- LDAP is attractive to me because it's where your regular, already-being-maintained (LAN, whatever) user database is likely to reside (Exchange, Notes, whatever, with LDAP interface.) LDAP supports various password/credential schemes: I don't quite understand why you can't pump in your legacy ones in in a batch anyhow (unless they are already digests.) As far as different credentials, I tink there are 2 ways to go: LDAP group entries (which are designed reasonably well for maintenance by an administrator) which might also be treated as roles (mapped to J2EE app roles); and signed or unsigned attributes (additional credentials) in the user's entry itself. Thus one has a single identity (good for single-signon!) with multiple credentials. I haven't seen much of this in action, but it seems the facilities are there. Martin Rob Tanner wrote: Allen, LDAP is sometimes a viable solution and sometimes not. It's a direction I am already moving and most of the infrastructure is in place. The problem is I have 3000+ accounts with legacy passwords. The LDAP server uses, I believe, a SHA-1 digest for passwords. Therefore, moving from the SQL database to LDAP is not transparent and requires that same 3000+ users to do something in order to make it happen. Even if the something is as simple as a web page where they enter their username and password and then simply press the submit button, getting 3000+ users to do it without generating a lot of flak and ill feelings requires time and carrots. And besides, your suggestion only addresses using the SQL database for authentication credentials, it doesn't address the myriad of other applications that might access a SQL database, and do so under an application specific user name (again, it is easier and I think less error prone to keep the grant table entries to a minimum -- let the application use an application specific user id and let individual users present their personal credentials to the application, not the database). So even if a user authenticates him or herself via LDAP, the issue of securing the applications db access credentials remains. Sticky problem, ain't it!! -- Rob --On Saturday, March 03, 2001 11:53:05 PM -0600 Allen Akers [EMAIL PROTECTED] wrote: My suggestion would be to use an LDAP database as your authentication database for your individual users. You can authenticate that person and then access information about their database access group and the associated group password, if you set up the LDAP database correctly. In this way, the user doesn't need their own SQL user account, just a valid LDAP entry tied to a generic user group and no type of sensitive information need reside on your machine running Tomcat. There are some other ways you could do it, but that is probably the most versatile and straightforward. Allen Akers Programmer Analyst Strategic Web and Voice Development [EMAIL PROTECTED] [EMAIL PROTECTED] 03/03/01 05:03PM Adam, It's not really a Tomcat issue, but one of the things that's covered sometimes poorly and sometimes not at all is thread synchronization. Unless you're using th SingleThreadModel interface, that's a serious issue for servlet programming, and unless you're familiar with threading in Java you can get yourself in all kinds of trouble (writing servlets was my first exposure to Java and I wasn't at all familiar with threads, and I suspect there are a lot of others who have gotten caught off-guard like that). Though it's not really a Tomcat issue, it would be a valuable appendix. The other area that drives me crazy (and I still haven't found any satisfactory mechanisms) is how to secure credentials the servlet needs to access database resources. For instance, if a user's credentials are stored in a MySQL database, the servlet must access that database, and to do so, it needs a valid uname and password. These would not normally be the uname and password passed in from the request object (assuming some variety of forms based authentication) since you don't normally have hundreds or even thousands of users setup with database privileges. Rather, the servlet uses it's own credentials to access the database and retrieve the user's specific credentials stored in an ordinary table. The problem is that web.xml is not a secure place to store the servlet's credentials, especially if you're running Tomcat on a UNIX machine with many applications and many developers, not all of whom should have access to the particular servlet's credentials. I have asked that same question on several different venues, but the few answers I've gotten have all been non sequitur, and I think that's because the question has not been fully understood. A discussion of
Re: Upcoming Tomcat book...
Allen, LDAP is sometimes a viable solution and sometimes not. It's a direction I am already moving and most of the infrastructure is in place. The problem is I have 3000+ accounts with legacy passwords. The LDAP server uses, I believe, a SHA-1 digest for passwords. Therefore, moving from the SQL database to LDAP is not transparent and requires that same 3000+ users to do something in order to make it happen. Even if the something is as simple as a web page where they enter their username and password and then simply press the submit button, getting 3000+ users to do it without generating a lot of flak and ill feelings requires time and carrots. And besides, your suggestion only addresses using the SQL database for authentication credentials, it doesn't address the myriad of other applications that might access a SQL database, and do so under an application specific user name (again, it is easier and I think less error prone to keep the grant table entries to a minimum -- let the application use an application specific user id and let individual users present their personal credentials to the application, not the database). So even if a user authenticates him or herself via LDAP, the issue of securing the applications db access credentials remains. Sticky problem, ain't it!! -- Rob --On Saturday, March 03, 2001 11:53:05 PM -0600 Allen Akers [EMAIL PROTECTED] wrote: My suggestion would be to use an LDAP database as your authentication database for your individual users. You can authenticate that person and then access information about their database access group and the associated group password, if you set up the LDAP database correctly. In this way, the user doesn't need their own SQL user account, just a valid LDAP entry tied to a generic user group and no type of sensitive information need reside on your machine running Tomcat. There are some other ways you could do it, but that is probably the most versatile and straightforward. Allen Akers Programmer Analyst Strategic Web and Voice Development [EMAIL PROTECTED] [EMAIL PROTECTED] 03/03/01 05:03PM Adam, It's not really a Tomcat issue, but one of the things that's covered sometimes poorly and sometimes not at all is thread synchronization. Unless you're using th SingleThreadModel interface, that's a serious issue for servlet programming, and unless you're familiar with threading in Java you can get yourself in all kinds of trouble (writing servlets was my first exposure to Java and I wasn't at all familiar with threads, and I suspect there are a lot of others who have gotten caught off-guard like that). Though it's not really a Tomcat issue, it would be a valuable appendix. The other area that drives me crazy (and I still haven't found any satisfactory mechanisms) is how to secure credentials the servlet needs to access database resources. For instance, if a user's credentials are stored in a MySQL database, the servlet must access that database, and to do so, it needs a valid uname and password. These would not normally be the uname and password passed in from the request object (assuming some variety of forms based authentication) since you don't normally have hundreds or even thousands of users setup with database privileges. Rather, the servlet uses it's own credentials to access the database and retrieve the user's specific credentials stored in an ordinary table. The problem is that web.xml is not a secure place to store the servlet's credentials, especially if you're running Tomcat on a UNIX machine with many applications and many developers, not all of whom should have access to the particular servlet's credentials. I have asked that same question on several different venues, but the few answers I've gotten have all been non sequitur, and I think that's because the question has not been fully understood. A discussion of issues like that (especially for folks coming from an apache/cgi world where good solutions are well-known) would be very valuable. Beyond that, if you need readers or folks to beta test examples and procedures, I'd be more that happy to help out. -- Rob --On Saturday, March 03, 2001 02:51:35 AM -0600 Adam Fowler [EMAIL PROTECTED] wrote: Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as
Re: Upcoming Tomcat book...
That is a very cool thing ;) I have been looking on the bookshelves for such a book! If you ever need any help let me know. Here is my email. [EMAIL PROTECTED] Ahmed Alawy, Adam Fowler [EMAIL PROTECTED] wrote: Hi all,I will shortly be writing a book for Sams Publishing in a similar format tothe recently released(and well received) book on Python.I currently have the task of writing a proposal for content of the book. Thebook's target audience is web developers who will be using Tomcat. It willbe based on Tomcat 4.0, but will also be useful for Tomcat 3.x.I am e-mailing this list to ask for serious suggestions for sections of thebook. From installation through configuration to deploying customapplications.Any help would be appreciated and would benefit everyone as this book ismeant to be for you people.If any Tomcat User Group(TUG) members wish to write user documentation forTomcat (The 'paths' that have been discussed) then drop me an e-mail andmaybe we can help each other.Regards,Adam.Adam FowlerSecond year Computer Science undergraduateUniversity of Wales, AberystwythCarroll College, WI, USA(2000-2001)web: http://gucciboy.dyndns.org/aff9e-mail: [EMAIL PROTECTED]"Every new beginning comes from some other beginning's end"-To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, email: [EMAIL PROTECTED]Do You Yahoo!? Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail.
Re: Upcoming Tomcat book...
Adam, It's not really a Tomcat issue, but one of the things that's covered sometimes poorly and sometimes not at all is thread synchronization. Unless you're using th SingleThreadModel interface, that's a serious issue for servlet programming, and unless you're familiar with threading in Java you can get yourself in all kinds of trouble (writing servlets was my first exposure to Java and I wasn't at all familiar with threads, and I suspect there are a lot of others who have gotten caught off-guard like that). Though it's not really a Tomcat issue, it would be a valuable appendix. The other area that drives me crazy (and I still haven't found any satisfactory mechanisms) is how to secure credentials the servlet needs to access database resources. For instance, if a user's credentials are stored in a MySQL database, the servlet must access that database, and to do so, it needs a valid uname and password. These would not normally be the uname and password passed in from the request object (assuming some variety of forms based authentication) since you don't normally have hundreds or even thousands of users setup with database privileges. Rather, the servlet uses it's own credentials to access the database and retrieve the user's specific credentials stored in an ordinary table. The problem is that web.xml is not a secure place to store the servlet's credentials, especially if you're running Tomcat on a UNIX machine with many applications and many developers, not all of whom should have access to the particular servlet's credentials. I have asked that same question on several different venues, but the few answers I've gotten have all been non sequitur, and I think that's because the question has not been fully understood. A discussion of issues like that (especially for folks coming from an apache/cgi world where good solutions are well-known) would be very valuable. Beyond that, if you need readers or folks to beta test examples and procedures, I'd be more that happy to help out. -- Rob --On Saturday, March 03, 2001 02:51:35 AM -0600 Adam Fowler [EMAIL PROTECTED] wrote: Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as this book is meant to be for you people. If any Tomcat User Group(TUG) members wish to write user documentation for Tomcat (The 'paths' that have been discussed) then drop me an e-mail and maybe we can help each other. Regards, Adam. Adam Fowler Second year Computer Science undergraduate University of Wales, Aberystwyth Carroll College, WI, USA(2000-2001) web: http://gucciboy.dyndns.org/aff9 e-mail: [EMAIL PROTECTED] "Every new beginning comes from some other beginning's end" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: Upcoming Tomcat book...
My suggestion would be to use an LDAP database as your authentication database for your individual users. You can authenticate that person and then access information about their database access group and the associated group password, if you set up the LDAP database correctly. In this way, the user doesn't need their own SQL user account, just a valid LDAP entry tied to a generic user group and no type of sensitive information need reside on your machine running Tomcat. There are some other ways you could do it, but that is probably the most versatile and straightforward. Allen Akers Programmer Analyst Strategic Web and Voice Development [EMAIL PROTECTED] [EMAIL PROTECTED] 03/03/01 05:03PM Adam, It's not really a Tomcat issue, but one of the things that's covered sometimes poorly and sometimes not at all is thread synchronization. Unless you're using th SingleThreadModel interface, that's a serious issue for servlet programming, and unless you're familiar with threading in Java you can get yourself in all kinds of trouble (writing servlets was my first exposure to Java and I wasn't at all familiar with threads, and I suspect there are a lot of others who have gotten caught off-guard like that). Though it's not really a Tomcat issue, it would be a valuable appendix. The other area that drives me crazy (and I still haven't found any satisfactory mechanisms) is how to secure credentials the servlet needs to access database resources. For instance, if a user's credentials are stored in a MySQL database, the servlet must access that database, and to do so, it needs a valid uname and password. These would not normally be the uname and password passed in from the request object (assuming some variety of forms based authentication) since you don't normally have hundreds or even thousands of users setup with database privileges. Rather, the servlet uses it's own credentials to access the database and retrieve the user's specific credentials stored in an ordinary table. The problem is that web.xml is not a secure place to store the servlet's credentials, especially if you're running Tomcat on a UNIX machine with many applications and many developers, not all of whom should have access to the particular servlet's credentials. I have asked that same question on several different venues, but the few answers I've gotten have all been non sequitur, and I think that's because the question has not been fully understood. A discussion of issues like that (especially for folks coming from an apache/cgi world where good solutions are well-known) would be very valuable. Beyond that, if you need readers or folks to beta test examples and procedures, I'd be more that happy to help out. -- Rob --On Saturday, March 03, 2001 02:51:35 AM -0600 Adam Fowler [EMAIL PROTECTED] wrote: Hi all, I will shortly be writing a book for Sams Publishing in a similar format to the recently released(and well received) book on Python. I currently have the task of writing a proposal for content of the book. The book's target audience is web developers who will be using Tomcat. It will be based on Tomcat 4.0, but will also be useful for Tomcat 3.x. I am e-mailing this list to ask for serious suggestions for sections of the book. From installation through configuration to deploying custom applications. Any help would be appreciated and would benefit everyone as this book is meant to be for you people. If any Tomcat User Group(TUG) members wish to write user documentation for Tomcat (The 'paths' that have been discussed) then drop me an e-mail and maybe we can help each other. Regards, Adam. Adam Fowler Second year Computer Science undergraduate University of Wales, Aberystwyth Carroll College, WI, USA(2000-2001) web: http://gucciboy.dyndns.org/aff9 e-mail: [EMAIL PROTECTED] "Every new beginning comes from some other beginning's end" - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] _ _ _ _ __ _ _ _ _ /\_\_\_\_\/\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __/\/_//\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_//\/_/ /\/_/ \/_/ /\/_/_/\/_//\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner McMinnville, Oregon [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: