[Bug 51966] Tomcat does not support ssha hashed passwords in all contexts

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966 --- Comment #20 from Gabriel --- (In reply to Gabriel from comment #19) > > Hashing on the client side has its merits as long as you also hash on the > server side and you don't use the same salt on the client as you do on the > server. I

[Bug 51966] Tomcat does not support ssha hashed passwords in all contexts

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966 --- Comment #19 from Gabriel --- (In reply to S from comment #17) > (In reply to Christopher Schultz from comment #16) > > This is awful security. When the client is involved in authentication, > > that's called not being authenticated. > I

[Bug 51966] Tomcat does not support ssha hashed passwords in all contexts

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966 --- Comment #18 from Gabriel --- The only advantage I see of hashing in the client side is not storing a String with the cleartext password in memory. Strings are immutable objects, so they cannot be cleared once password processing is com

[Bug 51966] Tomcat does not support ssha hashed passwords in all contexts

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966 --- Comment #17 from S --- (In reply to Christopher Schultz from comment #16) > This is awful security. When the client is involved in authentication, > that's called not being authenticated. I don't understand. It's the same Tomcat does ou

[Bug 51966] Tomcat does not support ssha hashed passwords in all contexts

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=51966 --- Comment #16 from Christopher Schultz --- (In reply to S from comment #15) > Hi, > > what I'm doing is to hash the user-entered password 999x on the client with > a salt (visible in the JS code) on the OK-Click in my login form. Then I

Re: support for salted passwords

2014-02-05 Thread Christopher Schultz
Gabriel, On 2/4/14, 3:29 PM, "Gabriel E. Sánchez Martínez" wrote: > > On 02/04/2014 12:20 PM, Christopher Schultz wrote: >> Nick, >> >> On 2/2/14, 2:51 AM, Nick Williams wrote: >>> On Feb 2, 2014, at 1:23 AM, Gabriel E. Sánchez Martínez wrote: I am very new to Tomcat but am already getting m

Re: Improvement fo org.apache.tomcat.util.net.jsse.JSSESupport class

2014-02-05 Thread sebb
On 5 February 2014 15:14, Mark Thomas wrote: > On 05/02/2014 14:56, Maxim Kirilov wrote: >> Hi, >> >> I've noticed that some code inside *handshake()* method can be omitted. >> After executing the >> call to: *ssl.startHandshake()*, according to SSLSocket >>

buildbot success in ASF Buildbot on tomcat-trunk

2014-02-05 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5477 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source

Re: svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread Ognjen Blagojevic
On 5.2.2014 16:51, Mladen Turk wrote: On 02/05/2014 03:12 PM, Ognjen Blagojevic wrote: Mladen, On 5.2.2014 14:34, Mladen Turk wrote: On 02/05/2014 12:42 PM, Rainer Jung wrote: I think as soon as you are confident, that your IP6 changes are stable we should make the overdue release. Yep, tha

Re: svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread Mladen Turk
On 02/05/2014 03:12 PM, Ognjen Blagojevic wrote: Mladen, On 5.2.2014 14:34, Mladen Turk wrote: On 02/05/2014 12:42 PM, Rainer Jung wrote: I think as soon as you are confident, that your IP6 changes are stable we should make the overdue release. Yep, that's the plan. Definitively this month.

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 --- Comment #6 from Konstantin Kolinko --- 1. This page has links: http://tomcat.apache.org/bugreport.html#Bugzilla_is_not_a_support_forum 2. I added a comment on the original issue to the FAQ page here: http://wiki.apache.org/tomcat/OutOf

Re: Improvement fo org.apache.tomcat.util.net.jsse.JSSESupport class

2014-02-05 Thread Mark Thomas
On 05/02/2014 14:56, Maxim Kirilov wrote: > Hi, > > I've noticed that some code inside *handshake()* method can be omitted. > After executing the > call to: *ssl.startHandshake()*, according to SSLSocket >

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 --- Comment #5 from Daniel Baktiar --- @Z, you should send email to users-subscr...@tomcat.apache.org to subscribe.

Improvement fo org.apache.tomcat.util.net.jsse.JSSESupport class

2014-02-05 Thread Maxim Kirilov
Hi, I've noticed that some code inside *handshake()* method can be omitted. After executing the call to: *ssl.startHandshake()*, according to SSLSocket javadoc, after returning from this call the negotiated

[Tomcat Wiki] Update of "OutOfMemory" by KonstantinKolinko

2014-02-05 Thread Apache Wiki
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "OutOfMemory" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/OutOfMemory?action=diff&rev1=12&rev2=13 Comment: Add section on HTTP sessions 1. Trace t

buildbot failure in ASF Buildbot on tomcat-trunk

2014-02-05 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/5476 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source St

Re: svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread Ognjen Blagojevic
Mladen, On 5.2.2014 14:34, Mladen Turk wrote: On 02/05/2014 12:42 PM, Rainer Jung wrote: I think as soon as you are confident, that your IP6 changes are stable we should make the overdue release. Yep, that's the plan. Definitively this month. Any chance to include patch for EECDH support [1

[Tomcat Wiki] Trivial Update of "OutOfMemory" by KonstantinKolinko

2014-02-05 Thread Apache Wiki
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "OutOfMemory" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/OutOfMemory?action=diff&rev1=11&rev2=12 Comment: Add TOC, remove dead link #format wiki

Re: svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread Mladen Turk
On 02/05/2014 12:42 PM, Rainer Jung wrote: Hi Mladen, I think as soon as you are confident, that your IP6 changes are stable we should make the overdue release. Yep, that's the plan. Definitively this month. Regards -- ^TM -

svn commit: r1564755 - in /tomcat/site/trunk: docs/bugreport.html xdocs/bugreport.xml

2014-02-05 Thread kkolinko
Author: kkolinko Date: Wed Feb 5 12:58:05 2014 New Revision: 1564755 URL: http://svn.apache.org/r1564755 Log: Add target anchor to a link to the users list Modified: tomcat/site/trunk/docs/bugreport.html tomcat/site/trunk/xdocs/bugreport.xml Modified: tomcat/site/trunk/docs/bugreport.ht

svn commit: r1564751 - in /tomcat/site/trunk: docs/bugreport.html xdocs/bugreport.xml

2014-02-05 Thread kkolinko
Author: kkolinko Date: Wed Feb 5 12:53:13 2014 New Revision: 1564751 URL: http://svn.apache.org/r1564751 Log: Add target anchor to a link to the users list Modified: tomcat/site/trunk/docs/bugreport.html tomcat/site/trunk/xdocs/bugreport.xml Modified: tomcat/site/trunk/docs/bugreport.ht

svn commit: r1564747 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/core/ java/org/apache/jasper/ java/org/apache/jasper/compiler/ test/org/apache/catalina/core/ webapps/docs/ webapps/docs/co

2014-02-05 Thread kkolinko
Author: kkolinko Date: Wed Feb 5 12:43:49 2014 New Revision: 1564747 URL: http://svn.apache.org/r1564747 Log: Merged revisions r1562597,r1564742-r1564746 from tomcat/trunk: Make the xmlBlockExternal option in Catalina and Jasper to be true by default. Modified: tomcat/tc7.0.x/trunk/ (props

svn commit: r1564746 - in /tomcat/trunk: java/org/apache/catalina/core/ApplicationContext.java webapps/docs/changelog.xml

2014-02-05 Thread kkolinko
Author: kkolinko Date: Wed Feb 5 12:34:28 2014 New Revision: 1564746 URL: http://svn.apache.org/r1564746 Log: Followup to r1562597 xmlBlockExternal is now true by default. It is the false value that now needs to be passed explicitly. Modified: tomcat/trunk/java/org/apache/catalina/core/Appl

svn commit: r1564742 - /tomcat/trunk/test/org/apache/catalina/core/TesterContext.java

2014-02-05 Thread kkolinko
Author: kkolinko Date: Wed Feb 5 12:23:52 2014 New Revision: 1564742 URL: http://svn.apache.org/r1564742 Log: Followup to r1562597 Align return value in stub class with the default one in StandardContext Modified: tomcat/trunk/test/org/apache/catalina/core/TesterContext.java Modified: tomca

Re: svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread Rainer Jung
Hi Mladen, On 05.02.2014 09:18, mt...@apache.org wrote: > Author: mturk > Date: Wed Feb 5 08:18:47 2014 > New Revision: 1564668 > > URL: http://svn.apache.org/r1564668 > Log: > Ensure proper HAVE_IPV6 define is used I think as soon as you are confident, that your IP6 changes are stable we should

Re: support for salted passwords

2014-02-05 Thread Ognjen Blagojevic
On 4.2.2014 21:29, "Gabriel E. Sánchez Martínez" wrote: I've been tossing-around some upgrades in my mind for the realm implementations that would allow for better pluggability for things like this. Right now, the only way to implement, say, bcrypt, would be to write your own Realm. That's silly:

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 --- Comment #4 from Z@ --- (In reply to Mark Thomas from comment #3) > The bug was resolved as invalid because there is no bug here. If you do not > understand why this bug is invalid, please ask on the users mailing list. Hello, How can I

Time for 7.0.51

2014-02-05 Thread Violeta Georgieva
Hi, I want to start the release procedure for Tomcat 7.0.51. If you would like to add something to this release please respond to this mail. Regards Violeta

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 --- Comment #3 from Mark Thomas --- The bug was resolved as invalid because there is no bug here. If you do not understand why this bug is invalid, please ask on the users mailing list.

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 Z@ changed: CC: added zlelik2...@gmail.com

[Bug 50685] Big memory leak

2014-02-05 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=50685 --- Comment #2 from Z@ --- (In reply to Mark Thomas from comment #1) > Please use the users mailing list if you require further advice. Hello, Could you please explain why this bug is resolved or maybe it was moved to another place? If so,

svn commit: r1564668 - /tomcat/jk/trunk/native/common/jk_connect.c

2014-02-05 Thread mturk
Author: mturk Date: Wed Feb 5 08:18:47 2014 New Revision: 1564668 URL: http://svn.apache.org/r1564668 Log: Ensure proper HAVE_IPV6 define is used Modified: tomcat/jk/trunk/native/common/jk_connect.c Modified: tomcat/jk/trunk/native/common/jk_connect.c URL: http://svn.apache.org/viewvc/tomc