Quoting Mark Castillo [EMAIL PROTECTED]:
It is not a product that we are planning to have publicly available,
although we develop it in a commercial release-like fasion. We do have
the software running on about 100 customer sites now. The company I work
for is Counterpane Internet Security
Quoting Jan Labanowski [EMAIL PROTECTED]:
Guys,
You are getting religious about CGI... Religious is good, but I worry
that it is a cult {:-)}. CGI was a good thing for last 6 years, and it is a
still good thing sometimes.
CGI is a technically _horrible_ solution. The entire process model is
You work for _Counterpane_?!? I am involved in open source Java
cryptography
projects, and cypto/security is where alot of my experience lies. I am, of
course, quite familiar with Counterpane. ;-)
You work with Bruce and shit ... damn, what and honor THAT would be :)
Yeah, he's a cool guy.
Whoha... Just had my nightly report on the server, and thank god it was
running TC40b7 when I had a NESSUS run :)
I got a TON of reports on CGIs installed on the system, and freaked out
AAAHHH someone broke into my server... UNTIL I didn't see a .exe CGI...
What, is it a UNIX or a WINDOWS box?
Quoting Pier P. Fumagalli [EMAIL PROTECTED]:
(BTW, wouldn't it be wise to disable CGI execution in the default
configuration? I don't know, after hearing people running Tomcat as
root, I feel we really should!)
+1
Hi,
-Original Message-
From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 10:44 AM
To: tomcat dev jakarta.apache.org
Subject: CGI wrapper in Tomcat 4.0 b7
[...]
(BTW, wouldn't it be wise to disable CGI execution in the default
configuration? I
wrapper in Tomcat 4.0 b7
Quoting Pier P. Fumagalli [EMAIL PROTECTED]:
(BTW, wouldn't it be wise to disable CGI execution in the default
configuration? I don't know, after hearing people running Tomcat as
root, I feel we really should!)
+1
On Sun, 19 Aug 2001, Deacon Marcus wrote:
Hi,
-Original Message-
From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 10:44 AM
To: tomcat dev jakarta.apache.org
Subject: CGI wrapper in Tomcat 4.0 b7
[...]
(BTW, wouldn't it be wise
Quoting Mark Castillo [EMAIL PROTECTED]:
Hi all. I'm new to the list. Sorry if someone has already brought this
up, but couldn't the code provide some native methods for changing the uid
of the process after binding to the network ports (if they want to start
as root, binding to a port
- Original Message -
It's an experimental feature which is available in our CVS source tree...
You might want to check out the service directory in the
jakarta-tomcat-4.0 CVS repository.
Ah! I see it. Nice.
Currently I'm reviewing the Tomcat sources for embedding a servlet
, starting at:
http://jakarta.apache.org/site/getinvolved.html
Welcome!
Craig
- Original Message -
From: Christopher Cain [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 18, 2001 3:17 PM
Subject: Re: CGI wrapper in Tomcat 4.0 b7
Quoting Pier P
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Craig (who is amused by this, since Apache itself ships with CGI
enabled)
True enough, but the very point of JSP/Servlets is to obviate the need for CGI.
I can't imagine that ANYONE would want to run CGI from Tomcat unless they had
some legacy
On Sat, 18 Aug 2001, Christopher Cain wrote:
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Craig (who is amused by this, since Apache itself ships with CGI
enabled)
True enough, but the very point of JSP/Servlets is to obviate the need for CGI.
I can't imagine that ANYONE would
Deacon Marcus at [EMAIL PROTECTED] wrote:
Hi,
-Original Message-
From: Pier P. Fumagalli [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 10:44 AM
To: tomcat dev jakarta.apache.org
Subject: CGI wrapper in Tomcat 4.0 b7
[...]
(BTW, wouldn't it be wise to disable
Quoting Mark Castillo [EMAIL PROTECTED]:
[snip]
What I was really wanting to evaluate was how you guys are managing
sessions and how sessions information could possibly leak out via
the filesystem, memory, or other ways. The application we are running runs
in a hostile environment (remote
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Don't get me wrong, I'm ok with turning it off by default ... but it
also needs someone to write a HOWTO document on how to turn it on and use
it (to avoid endless questions on TOMCAT-USER about I thought you said
Tomcat 4 supported CGI :-).
Sounds cool, but I'll let someone a little more familiar with CGI speak to
the
feasibility in Tomcat. I started out my dynamic-content life with ASP
(D'oh!),
then moved to servlets (Woo-hoo!), so I was rather fortunate in that I got
to
skip the whole CGI nightmare :-)
Good for you. If I
Mark Castillo at [EMAIL PROTECTED] wrote:
Right now we've integrated Acme server (and integrated https and login
session support ourselves, which was a royal pain). So, I'm trying to figure
out if we want to continue maintaining (fixing/rewriting?) the Acme server
or scrap it and go to
, 2001 10:44 AM
To: tomcat dev jakarta.apache.org
Subject: CGI wrapper in Tomcat 4.0 b7
[...]
(BTW, wouldn't it be wise to disable CGI execution in the default
configuration? I don't know, after hearing people running Tomcat
as root, I
feel we really should!)
You mean it's
Guys,
You are getting religious about CGI... Religious is good, but I worry that
it is a cult {:-)}. CGI was a good thing for last 6 years, and it is a
still good thing sometimes. Note, we have tons of legacy perl software
around, and believe me, I can sometimes do more in one line of perl, than
, August 18, 2001 9:36 PM
Subject: Re: CGI wrapper in Tomcat 4.0 b7
Guys,
You are getting religious about CGI... Religious is good, but I worry that
it is a cult {:-)}. CGI was a good thing for last 6 years, and it is a
still good thing sometimes. Note, we have tons of legacy perl software
around
21 matches
Mail list logo
