Re: HttpOnly
https://owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly

enjoy

On Tue, Jun 12, 2012 at 10:27 AM, N.s.Karthik nskarthi...@gmail.com wrote:

> Hi
>
> Spec
> JDK1.6
> Tomcat 6.0.10
> O/s Win / Linux(r-Hat)
> Browser : Chrome 19.0.x / IE8
>
> For some specific reason we use Tomcat 6.0.10 for Dev/Deploy in INTRANET.
>
> I have Googled / Yahooed for the same.
> HttpOnly
>
> 1 form suggested to use Filters and set Cookie Headers as alternative for handling HttpOnly
>
> However, with this setting we are able to see multiple cookies being set
>
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly
> Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
> Content-Type: text/html
> Content-Length: 2333
> Date: Tue, 12 Jun 2012 04:46:29 GMT
>
> Please somebody explain to me why this is happening and how to prevent this for Cross scripting Hack ???
>
> with regards
> karthik
>
> --
> View this message in context: http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
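A check for the symptom described in the message above, as an added example that is not part of the original thread: it parses the response headers quoted in the post and reports, per cookie name and path, how many times the cookie was set and whether the last copy (the one a browser following RFC 6265 keeps) carries HttpOnly. The function names are hypothetical, and the Domain attribute is ignored on the assumption that all headers come from one host.

```python
# Added example: audit Set-Cookie headers in a captured HTTP response.
from collections import OrderedDict

# Response headers as quoted in the post above.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly
Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
Content-Type: text/html
Content-Length: 2333
Date: Tue, 12 Jun 2012 04:46:29 GMT
"""

def parse_set_cookies(raw):
    """Return one dict per Set-Cookie header, in the order received."""
    cookies = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the headers
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name, _, val = parts[0].partition("=")
        attrs = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
        cookies.append({"name": name, "value": val,
                        "path": attrs.get("path", ""),
                        "httponly": "httponly" in attrs})
    return cookies

def audit(raw):
    """Group by (name, path); the last header in each group replaces the rest."""
    groups = OrderedDict()
    for c in parse_set_cookies(raw):
        groups.setdefault((c["name"], c["path"]), []).append(c)
    findings = []
    for (name, path), sent in groups.items():
        effective = sent[-1]               # same name+path: later cookie wins
        findings.append({"name": name, "path": path, "times_set": len(sent),
                         "effective_value": effective["value"],
                         "effective_httponly": effective["httponly"]})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSE):
        ok = f["effective_httponly"] and f["times_set"] == 1
        print("OK" if ok else "CHECK", f)
```

On the quoted response this flags JSESSIONID as set twice for Path=/ABCD, with the surviving copy lacking HttpOnly.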
Re: manager 404
Update the tomcat-users.xml and create the users.

On Fri, May 4, 2012 at 2:54 AM, Jon Drukman j...@cluttered.com wrote:

> Caldarale, Charles R Chuck.Caldarale at unisys.com writes:
>
> > Bad choice. Remove those, then download and install a real Tomcat 7 from tomcat.apache.org. The third-party repackaged versions of Tomcat garble so much that it's very difficult to provide any kind of support info for them.
>
> I removed the yum packages, then installed the official binary distribution from the apache.org website and I can now access the manager. I'm still having 404 errors on the actual app that I'm trying to run but hopefully their tech support can straighten me out on that.
>
> Thanks.
> -jsd-
Re: processing of tlds failed -- application still works -- why?
> So, you are using an older version of Tomcat which contains a bug which you acknowledge is now fixed?

I don't know the details but I was told that there were some application issues (I guess it is related to cookies) when the app was deployed on a newer version. Also, for a Tomcat upgrade the QA team needs to verify other applications deployed on the same Tomcat; this is something our project manager doesn't want to add to scope now.

Just for my understanding, could you please tell why tlds are processed at start up and if the application still works even when the processing fails?

thanks!

On Tue, Dec 28, 2010 at 8:36 AM, Pid p...@pidster.com wrote:

> On 12/26/10 7:44 PM, Satish Kumar wrote:
>
> > Hi All,
> >
> > I am seeing the error below while deploying a web application on Tomcat 6.0.16. Note that the parser used for processing tlds is Crimson -- I expect Tomcat to use the default Xerces parser to process tlds, but it is using the Crimson parser that is in a jar in WEB-INF/lib. It seems this issue is related to bug 29936 fixed in 6.0.17: https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 . I don't see this error on Tomcat 6.0.18.
>
> So, you are using an older version of Tomcat which contains a bug which you acknowledge is now fixed?
>
> Why not upgrade to the latest 6.0.29?
>
> p
>
> > Question:
> > My application works fine. The custom tags defined in the tld the parsing failed on still work. Why do the custom tags work when tld parsing failed? Can this error be ignored? What is the purpose of method processTlds? (to create tld cache?)
> > Ref: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Standard_Implementation
> > What happens if I set processTlds context attribute to false while tlds are used in the webapp?
> >
> > ERROR [main] (Digester.java:1555) - Parse Fatal Error at line 1 column -1: Relative URI web-jsptaglib_1_1.dtd; can not be resolved without a base URI.
> > org.xml.sax.SAXParseException: Relative URI web-jsptaglib_1_1.dtd; can not be resolved without a base URI.
> >     at org.apache.crimson.parser.Parser2.fatal(Parser2.java:3182)
> >     at org.apache.crimson.parser.Parser2.fatal(Parser2.java:3176)
> >     at org.apache.crimson.parser.Parser2.resolveURI(Parser2.java:2758)
> >     at org.apache.crimson.parser.Parser2.maybeExternalID(Parser2.java:2730)
> >     at org.apache.crimson.parser.Parser2.maybeDoctypeDecl(Parser2.java:1129)
> >     at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:489)
> >     at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
> >     at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)
> >     at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1644)
> >     at org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518)
> >     at org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java:555)
> >     at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:295)
> >     at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4441)
> >
> > Thanks!
> > Satish
processing of tlds failed -- application still works -- why?
Hi All,

I am seeing the error below while deploying a web application on Tomcat 6.0.16. Note that the parser used for processing tlds is Crimson -- I expect Tomcat to use the default Xerces parser to process tlds, but it is using the Crimson parser that is in a jar in WEB-INF/lib. It seems this issue is related to bug 29936 fixed in 6.0.17: https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 . I don't see this error on Tomcat 6.0.18.

Question:
My application works fine. The custom tags defined in the tld the parsing failed on still work. Why do the custom tags work when tld parsing failed? Can this error be ignored? What is the purpose of method processTlds? (to create tld cache?)
Ref: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Standard_Implementation
What happens if I set processTlds context attribute to false while tlds are used in the webapp?

ERROR [main] (Digester.java:1555) - Parse Fatal Error at line 1 column -1: Relative URI web-jsptaglib_1_1.dtd; can not be resolved without a base URI.
org.xml.sax.SAXParseException: Relative URI web-jsptaglib_1_1.dtd; can not be resolved without a base URI.
    at org.apache.crimson.parser.Parser2.fatal(Parser2.java:3182)
    at org.apache.crimson.parser.Parser2.fatal(Parser2.java:3176)
    at org.apache.crimson.parser.Parser2.resolveURI(Parser2.java:2758)
    at org.apache.crimson.parser.Parser2.maybeExternalID(Parser2.java:2730)
    at org.apache.crimson.parser.Parser2.maybeDoctypeDecl(Parser2.java:1129)
    at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:489)
    at org.apache.crimson.parser.Parser2.parse(Parser2.java:305)
    at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:442)
    at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1644)
    at org.apache.catalina.startup.TldConfig.tldScanStream(TldConfig.java:518)
    at org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java:555)
    at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:295)
    at org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4441)

Thanks!
Satish