JULIEN,TIMOTHY (HP-NewJersey,ex2) wrote:
Over in HP middleware, we're not to happy with this development either
our JSP implementation will suffer for the same reasons Jasper will
We can work with an external compiler, but for speed, we much prefer
sun.tool.javac.Main.
Just a
Jon Stevens wrote:
Time to drop Javac and just use Jikes...
LOL! I hadn't even read this one when I (just now) asked my why not
just go with Jikes question. I've started noticing that Jon and I think
alot alike, from HTML-formatted e-mail to documention approaches to JSP
to compiler
Jon Stevens wrote:
Jikes works fine.
The issue is that Jikes is a C++ binary and isn't ported to every platform.
Oh yeah ... =)
It also makes installation/distribution issues a bit more tricky than simply
calling a Java class file...
Yep. I figured the issue was that it would require
Just a heads-up that the Tomcat site's index.html contains the following
sentence:
Version 3.3 is currently under development and the beta process is
expected to begin shortly.
Someone with commit access should probably update that so that users
know the beta cycle has begun.
- Christopher
Since there is an active discussion about the Tomcat site itself,
implying that someone may be about to do a little work on it, I have a
simple suggestion. It would be a nice convenience if there were a new
section on the download page, maybe under a separate one of those
grayish-blue heading
Christopher Cain wrote:
[snip]
... someone should really fix the Catalina Configuration page so that
either the background is not black or the links are white or something.
I'll even tell you the fix.
categories.html: bgcolor=sky blue -- bgcolor=skyblue
;-)
Craig R. McClanahan wrote:
[snip]
For Tomcat 4, what do folks think of omitting the sources from the binary
distribution? This would knock the size of the binary distributions down
by around 2 megabytes (which I'm sure people would also appreciate).
FWIW, I completely agree. I actually
Craig R. McClanahan wrote:
What's the top priority for the Administrators section?
IMHO, documenting the various settings in server.xml is critical.
+1000
I spent several hours last night attempting to get SSL working on TC4m6
standalone, with no success. I did everything the
Christopher Cain wrote:
[snip]
P.S. Quick question: The 3 JSSE libraries need to live in
$TCHOME/server/lib, yes?
Okay, I guess as long as I'm asking, can someone please post the exact
syntax for the second (SSL) Connector in server.xml (keystoreName
keystorePass are attributes
(Two different mails snipped and referenced below :-)
Craig R. McClanahan wrote:
Yes, that should be conf/server/lib. Alternatively (and the way I run
it), you can put these three JAR files in $JAVA_HOME/jre/lib/ext.
A few things here. First, it is unnecessary, then, to have the JSSE jars
Hot damn. Taking the classes out of the TC hierarchy got rid of that No
Such Algorithm business. Thanks Kevin!
Is that more-or-less expected behavior, or should I log it into bugzilla
so that it gets tracked as a bug? I'd be happy to look into it further,
although with my rather limited exposure
Remy Maucherat wrote:
Quoting Christopher Cain [EMAIL PROTECTED]:
Hot damn. Taking the classes out of the TC hierarchy got rid of that No
Such Algorithm business. Thanks Kevin!
Is that more-or-less expected behavior, or should I log it into
bugzilla
so that it gets tracked
First, just a quick follow-up on the previous thread. Using the keystore
defaults for the TC4 SSL standalone config works as planned. Trying to
override the keystoreFile and/or keystorePass defaults, unfortunately,
does not work (different exceptions for each).
It makes me extremely nervous to
Pier P. Fumagalli wrote:
The only thing is that apache uses getpass(), so securing the password when
you type it, as it's not read from stdin, but ioctling your tty device.
Asking for your cert on stdin is not _that_ secure.
Depends on your point of view, I suppose. If I'm sitting at the
Jim Seach wrote:
--- Christopher Cain [EMAIL PROTECTED] wrote:
In short, it is currently a needless exposure, and
certs are much more
important than most other resources. If I paid good
money for a real
cert signed by a CA, I would especially have a
comprehensive security
Jim Seach wrote:
[snip]
One of the possible custom solutons is to encrypt the
other information with your public key, then use the
private key to decrypt the other sensitive
information. Since the info is signed with the public
key, any developer could encrypt information that
Jim Seach wrote:
--- Christopher Cain [EMAIL PROTECTED] wrote:
The system would still have to have access to the private key, which
would have to be protected with some kind of PBE scheme, in which
case
you are right back to specifying a password in the config files.
Aside
I forgot to mention that I plan on offering to port this initial
keystore security solution (whatever it ends up being, although the
Apache-style prompt is so far the only idea being floated) to the 3.3 if
there is any interest in having it. I don't technically consider it a
bug, so the 3.2
Quoting Jim Seach [EMAIL PROTECTED]:
I think we're in agreement. The initial authentication problem
needs to be resolved before we can talk about leveraging it to solve the
other problems. I like your proposal of an optional prompt solution
for this.
Cool.
This is an area of interest
Larry Isaacs wrote:
Hi Christopher,
I would be very interested in having this available for Tomcat 3.3.
Since I'm not a security expert, I'll defer to those better informed
to decide the appropriate solution. Would this keystore security
solution plug into Tomcat 3.3 using an
Craig R. McClanahan wrote:
Not a problem ... it's just that I think you're being a little narrowly
focused on the solution to *your* problem, and ignoring the bigger picture
:-).
I suppose that's fair to a certain extent. I do see cert protection as a
little more critical than many of the
[EMAIL PROTECTED] wrote:
Hi Christopher,
I just checked, and for 3.3 you don't need any change in the core or any
other place in tomcat.
Cool, I didn't think so. I figure that if I needed a core change for a
command-line challenge at startup, I most probably did something wrong.
=)
All
jean-frederic clere wrote:
Encrypting server certificates is not bad but it prevents starting the server
automaticly.
Storing this password is a nonsense.
OpenSSL (for example) allows to modify this password or to have no password.
If the server certificates is encrypted then we should
Costin:
Okay, I've looked over the whole Interceptor/Callback scheme, as well as
the HTTP and SSL-related implementation classes, and I have a question.
As I'm sure you know, it's all a little daunting for a newcomer like
myself, so please bear with me =)
I followed the whole startup routine
Quoting [EMAIL PROTECTED]:
On Wed, 1 Aug 2001, Christopher Cain wrote:
I followed the whole startup routine from Tomcat.startTomcat() all
the
way through where the ContextManager calls the
ServerXMLReader.addInterceptor(). That's where the whole
hairy-chested
XML parsing begins
release, 3.3 is now in beta (although I believe
that the milestones are still available), and AFAIK all of the 4.0 betas
are still there.
- Christopher
-arun
ps: One can always check out of CVS based on a release label, of course.
-Original Message-
From: Christopher Cain [mailto
Rob doesn't need me to defend him ... but I will anyway =)
Arun Katkere wrote:
OK, Rob, you are the voice of the majority (I probably missed a vote on this
topic where people told you so)
Craig initially proposed it early last week, and I was the first one to
step up with vocal support for
Attached is my generic utility which will allow for command-line interaction
with the user during Tomcat startup. I've named it Feliner because I'm so
witty. Even better, I've decided to name my proposed centralized External
Resource Security module LitterBox, since it will be where Tomcat
: Command-Line Utility Attached - Feedback Requested
To: Christopher Cain [EMAIL PROTECTED]
Hi,
I'm guessing you're probably after feedback on how it would fit into the
tomcat archtecture, but I thought I'd offer this anyway. I changed the
promptForInput to this:
[snip]
try
I need a quick jumpstart on how to hook my password prompter into the
Catalina startup process. I assume that I shouldn't implement it as a
Valve, as those have to do with the Request/Response chain. The
Connector level in server.xml appears to be the appropriate level in
the hierarchy, but it's
Totally OT, bandwidth-wasting, irrelevant musings P.S. ...
Where did that Paulo Gaspar cat go? That guy was always interesting in a flame
war, especially with Jon involved. Man ... dude did NOT like Jon, but he sure
loved Velocity. I wonder he went ... I really miss those days, back when we
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Valves are designed for request processing, not component startup and
shutdown. See below for an alternative suggestion.
Yep, that's the general conslusion I came to in looking over the codebase.
Cool, at least I know I can still RTFS and get
Costin:
You told me in the beginning that if I needed any additional callbacks to let
you know. I think I do, and I'll explain why. If you think I'm on the wrong
track, let me know.
Any arbitrary number of http interceptors can be defined (I think, right?),
each with the ability to bind to a
P.S.
What's the difference between engineInit() and engineStart()? They both
say Called when the ContextManger is started, so when in the loading process
does each get called?
- Christopher
I've become pretty knowledgable on the whole startup process over the past week
or so, with some help from Costin and in examining the source. While I don't
have the broad overall container knowledge that the core developers have, I'll
try and help out with any of the startup/loading related
Quoting Paulo Gaspar [EMAIL PROTECTED]:
Sorry man, I can't make a really good flame war when I agree
with Jon.
That's okay, buddy. You're back, and that's the important thing. We missed you
is all ;-)
- Christopher
I'm awaiting final word from Costin on the specific design of my
prompter 3.3 Interceptor (I know it's a rather long e-mail and will
require some thought, so I'm not complaining, just stating the status of
things). I have already begun creating the 4.0 listener as well. In
order to try and time
Kanan:
You'll have to forgive Pier, he's a little grumpy this week (not that we don't
love him anyway) =)
What is being discussed is whether or not to remove inactive developers from
the server where the source code resides. It doesn't affect the mailing lists
in any way; they just need to
1. In server.xml, does an embeded listener take the same form as it does
in web.xml:
Connector ...
listener
listener-classmy.package.class/listener-class
/listener
/Connector
2. In the above example, should the custom jar containing
my.package.class simply be placed into the
Pier P. Fumagalli wrote:
[pier@bubbles] ...
Thanks for the visual ;-)
To do my connector testing, I just installed the TC4 binary on a Win98 machine
(don't laugh :-)
Anyway, not being very DOS/Win knowledgable, it took me a few minutes to figure
out a slight problem with the Windoze startup logic that was causing it to
simply spit out bad command or filename.
Quoting Remy Maucherat [EMAIL PROTECTED]:
Hi,
I will be on vacation for two weeks starting this week-end. I will be
back on the 26th.
Where you headed, boss? Anywhere scandaleous?
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
By the TC4 binary do you mean the ZIP file or the new executable
(.exe file) that includes an installer?
The zip.
The standard startup scripts work fine for me on my Win98 laptop ...
the Catalina thing is ignored and Tomcat starts just fine in
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Sheesh ... the only thing that catalina.bat puts on your CLASSPATH is
%CATALINA_HOME%\bootstrap.jar and %JAVA_HOME%\lib\tools.jar -- if
Win98 can't even do that without a custom configuration setting, that's
pretty lame.
Actually, it wasn't the
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
I haven't tested it myself, but the original reporter said that he
suspected it *would* fail on NT.
You can try it for yourself on Win2K with the following URL:
http://localhost:8080/.../
If you get a directory listing of the
Hey Rob ...
I think adding a quick note to RUNNING.txt would be definitely
worthwhile. Win98 out of the box apparently gives you a blank
config.sys, as I know for sure that I've never edited that file.
- Christopher
Rob S. wrote:
BINGO! That was it. My config.sys didn't have anything in it
The attached 5-pack is stage one of a three-step process working toward a fix
for TC4 Bug #1400: proper handling of a keystore with multiple entries.
This round is simply a cleanup of the exception handling/logging. The initial
implementation had notes about FIXME, so I did :-)
These may look
Pier P. Fumagalli wrote:
Err... Warp doesn't (yet) support TLS sockets, but, since you changed the
signature, I believe it needs to go in :) :) :)
I figured that you are already answering enough mail on how to build
Warp, so I best not change any signatures out from under you ;-)
Well,
I'm in the process of cleaning up the 4.0 SSLServerSocketFactory, and it
occurs to me that I find the getKeystorePass method offensive. There
should never be any reason to retrieve the keystore password once it's
set, and it makes me uncomfortable having the method there. I'm not sure
if it could
The second phase of cleanup ended up being pretty undramatic. The Jikes
problems I was seeing ended up being the fact that I have the SSL jars
as installed extensions in the jre/lib/ext, so Jikes didn't have
explicit access to them (which I would have known immediately if I had
paid attention to
Hey buddy.
First of all, thanks for the nod on getting committer status. Nothing
has happened yet, and I e-mailed Craig privately to get his thoughts on
whether he favors the idea or not. I haven't heard back yet, but I know
he's a busy man. I'm sure at some point that my PATCHES assult will
), if anyone feels like
PRIVATELY (off-list) giving me their thoughts on Velocity vs. XMLC, feel
free.
Otherwise, feel free to just delete this renegade mail and go on about
your day :-)
- Christopher
Christopher Cain wrote:
Hey buddy.
First of all, thanks for the nod on getting committer status
Quoting Rob S. [EMAIL PROTECTED]:
[snip]
Answering questions on the mailing list until then will hopefully be
less stressful =)
LOL
Less stressful ... not likely. Noble endeavor ... absolutely! ;-)
:-)
Craig R. McClanahan wrote:
On Wed, 15 Aug 2001, Pier P. Fumagalli wrote:
[EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:
Fix a spec-compliance bug in the implementation of PageContext.include(),
which was not flushing the output stream even though this is explicitly
required
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
On Thu, 16 Aug 2001, Pier P. Fumagalli wrote:
OH SSL GURU! :) :) Do you have any clue (Reply to all so it'll go
in
tomcat-users too!)
Don't worry, baby. The SSL doctor is in session ;-)
Hi
I'm getting used to Tomcat but not enough
and fire off a TC 3.3 version in
the morning.
Love to the family,
- Christopher
Tomcat 4.0 Standalone - SSL Configuration
Author: Christopher Cain
[EMAIL PROTECTED]
QUICKSTART VERSION
1. Download JSSE 1.0.2 or later and make it an installed extension by copying
the JAR
Oops ... one other thing. If someone decides to commit this as-is, please
add '(passwords: changeit)' to Step 3 of the QUICKSTART section.
- Christopher
Author: Christopher Cain
[EMAIL PROTECTED]
Contents
===
Section 1: QUICKSTART INSTRUCTIONS
Instructions
Section 2: SSL PRIMER TIPS
Introduction to SSL
SSL and Tomcat
Certificates
General Tips on Running SSL
Section 3: CONFIGURATION
review the documents before
committing them. Thanks for the help.
Larry
-Original Message-
From: Christopher Cain [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 2:12 PM
To: Tomcat-Dev
Subject: New SSL HOWTOs
While creating the 3.3 version of my SSL HOWTO, I
[EMAIL PROTECTED] wrote:
craigmcc01/08/16 13:21:54
[snip]
I took a couple of minor liberties with the wording,
but the rest was great.
_Outstanding_ job on those liberties. The polishing you did in a few
places is superb, and the final version is quite slick. Thanks!
- Christopher
Rob S. wrote:
org.apache.tomcat.util.net.TcpConnection - java.net.SocketException:
Connection reset by peer (maby this must be Pier?)
HAHAHAHAHHAA that's too funny =)
Connection reset by Pier lol
LOL! I think someone should try and sneak in a source patch and change
the exception to
Quoting Jim Seach [EMAIL PROTECTED]:
Thanks!
I tried out your quickstart instructions with JDK 1.3 and Tomcat 3.2.3
on Windows 98 and it worked like a charm. The background and detail
sections are well written and contain valuable information.
Nice Job!
Cool, thanks =)
I can't really
Pier P. Fumagalli wrote:
FYI... The next one I see on any mailing list suggesting to start tomcat
(any version) from the RC files without changing user id will understand
what it means to be flamed... :-/
Yep, that's definitely a bad thing.
[snip]
I'm attaching a little C script that
Pier P. Fumagalli wrote:
Christopher Cain at [EMAIL PROTECTED] wrote:
I'm attaching a little C script that degradates the process to a specified
user before execuing it. To compile do gcc -O2 safexec.c -o safexec and to
run, (for example catalina) do:
safexec username
Quoting Pier P. Fumagalli [EMAIL PROTECTED]:
I keep my stance, if I see someone saying running (put your favourite
service here) as root is safe, as you did, I'll flame him. Think TWO
steps ahead, ALWAYS.
Pier (security conscious)
If I may ...
First of all, I have not read the thread
Quoting Pier P. Fumagalli [EMAIL PROTECTED]:
(BTW, wouldn't it be wise to disable CGI execution in the default
configuration? I don't know, after hearing people running Tomcat as
root, I feel we really should!)
+1
Quoting Dmitri Colebatch [EMAIL PROTECTED]:
Its a function thats defined in /etc/rc.d/init.d/functions on a redhat
(and mandrake) box.
cheesr
dim
Ah ... cool. See, I still learn something new every day.
Cheesr, buddy ;-)
- Christopher
Quoting Martin van den Bemt [EMAIL PROTECTED]:
point taken about the root thing..
I took back my words on that it safe to run as root (as quoted in my
mail to Pier).
Cool. As I said, I had't really read the thread. I wasn't singling you out, I
just wanted to make a definitive comment for
Quoting Mark Castillo [EMAIL PROTECTED]:
Hi all. I'm new to the list. Sorry if someone has already brought this
up, but couldn't the code provide some native methods for changing the uid
of the process after binding to the network ports (if they want to start
as root, binding to a port
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Craig (who is amused by this, since Apache itself ships with CGI
enabled)
True enough, but the very point of JSP/Servlets is to obviate the need for CGI.
I can't imagine that ANYONE would want to run CGI from Tomcat unless they had
some legacy
Quoting Mark Castillo [EMAIL PROTECTED]:
[snip]
What I was really wanting to evaluate was how you guys are managing
sessions and how sessions information could possibly leak out via
the filesystem, memory, or other ways. The application we are running runs
in a hostile environment (remote
Quoting Craig R. McClanahan [EMAIL PROTECTED]:
Don't get me wrong, I'm ok with turning it off by default ... but it
also needs someone to write a HOWTO document on how to turn it on and use
it (to avoid endless questions on TOMCAT-USER about I thought you said
Tomcat 4 supported CGI :-).
Quoting Mark Castillo [EMAIL PROTECTED]:
It is not a product that we are planning to have publicly available,
although we develop it in a commercial release-like fasion. We do have
the software running on about 100 customer sites now. The company I work
for is Counterpane Internet Security
Quoting Jan Labanowski [EMAIL PROTECTED]:
Guys,
You are getting religious about CGI... Religious is good, but I worry
that it is a cult {:-)}. CGI was a good thing for last 6 years, and it is a
still good thing sometimes.
CGI is a technically _horrible_ solution. The entire process model is
Quoting [EMAIL PROTECTED]:
larryi 01/08/19 15:48:56
Modified:src/share/org/apache/tomcat/modules/server
PoolTcpConnector.java
Log:
Add methods to allow detecting if Keystore and Keypass have been
set.
=)
Quoting Bojan Smojver [EMAIL PROTECTED]:
I guess most people would like to run Tomcat with server HotSpot if
there is one. Can we do something like this (just to save most people
a
bit of configuration file editing, environment variable setting and
the
like):
--- tomcat.sh Wed Jul 18
Quoting Christopher Cain [EMAIL PROTECTED]:
That's a cool idea, IMHO.
With the option to not run HotSpot, as pointed out. Craig and Larry/Costin, if
I wanted to add a small one-liner to a doc file pointing this out. I hadn't
thought of it myself, and I'm not positive that I would have
No problem.
Henri, if you could please send me the html file you have, I'll
integrate it with the what I had :)
For the 4.0 doc, I'll send a patch aagainst what was already checked
into cvs.
For 3.3 ... Larry, have you made any mods yet to the original doc I sent
(like perhaps the JDK 1.1
Curtis Dougherty wrote:
Chris -
I may be the biggest idiot on the planet
Nah, SSL can just be a little tricky sometimes :)
but I have Read and Re-Read the SSL How-2 for Tomcat 4 - honestly...
it reads exactly like the REM'arks in the Server.xml
Well, hopefully it has a *little* more
GOMEZ Henri wrote:
Henri, if you could please send me the html file you have, I'll
integrate it with the what I had :)
Will you include your part in my current tomcat-ssl-howto.html
or doing the reverse ?
I'd like (better) to see your works in the tomcat-ssl-howto.html :)
Apologies
;-)
ssl-howto.patch
Pier P. Fumagalli wrote:
Justin Erenkrantz at [EMAIL PROTECTED] wrote:
On Tue, Aug 21, 2001 at 06:51:52PM -, [EMAIL PROTECTED] wrote:
craigmcc01/08/21 11:51:52
Modified:catalina/src/share/org/apache/catalina/core
StandardServer.java
Log:
Craig R. McClanahan wrote:
On Tue, 21 Aug 2001, Christopher Cain wrote:
Pier P. Fumagalli wrote:
Justin Erenkrantz at [EMAIL PROTECTED] wrote:
On Tue, Aug 21, 2001 at 06:51:52PM -, [EMAIL PROTECTED] wrote:
craigmcc01/08/21 11:51:52
Modified:catalina
Craig R. McClanahan wrote:
On Tue, 21 Aug 2001, Christopher Cain wrote:
[snip]
Now, if you could just add a small random value to expected before you
drop into the while 0 loop to make it non-deterministic , please ...
(just kidding ;-)
Don't laugh. That's what I had actually
Jon Stevens wrote:
I have yet to hear of a bug report with regards to parsers on Win32 with
Anakia.
I have yet to be able to get jakarta-site2 to run using Craigs .xslt file
...
(on OSX).
LOL! That's your first problem, it's that damn that Mach kernel ;-)
(just kidding, Mac kiddos
Quoting Dmitri Colebatch [EMAIL PROTECTED]:
You can link to other packages like this:
[dim@host63 javadoc]$ javadoc -d docs/ \
-linkoffline http://java.sun.com/j2se/1.3/docs/api/ \
. src/Test.java
and in the current directory have a file called package-list that
contains
all the
Quoting James Duncan Davidson [EMAIL PROTECTED]:
fyi.
Begin forwarded message:
[snip]
I have write an article for my spanish-java-website
(http://www.javahispano.com) and I think it can be very useful for a
lot of
people. It´s about conteiner managed authentication in Tomcat
Quoting Christopher Cain [EMAIL PROTECTED]:
I couldn't find any link or anything.
Oh, I get it. There's an attachment. hehe ... Sorry, I'm kinda new to this
whole internet thing ;-)
Can you tell that I'm not used to this new IMAP client I'm using?
- Christopher
An empty @return directive was throwing a minor build message. While I
was there, I did a few other trivial touch-ups. Typos, as well as a new
@return for a method that was missing one. :)
- Christopher
RealmBase.patch
Wolfgang Hoschek wrote:
Sorry, I am posting to tomcat-dev although not subscribed...
Two suggestions:
- Perhaps it is a good idea to also describe in the SSL HOWTO ways to
configure SSL without stuffing libs into jre/lib/ext. Some sites run
multiple versions/vendors of jdks, TC, JSSE,
This is a quick note about the trouble with virtual hosts in SSL. It's
one of those non-obvious little gotchas, so I figured it deserves a
quick note as well.
- Christopher
ssl-howto.patch
LOL! That poor cat. Although I'm surprised that the JDC crew didn't forward it
to Edwardo Company and/or us for review ... you know, before sending it out
to a couple hundred thousand developers, give or take.
I assume that:
Some versions of Tomcat delay the calling of getWriter(), so
I _KNEW_ you weren't going to let us down on this one ... any rather
embarrasing blunder with JSP just really cries out for a Jon reply.
I was originally going to ask the (smart-ass) question as to why they
didn't go with Velocity for that particular tip, but we made Pier kinda
made last time. I
Quoting Pier Fumagalli [EMAIL PROTECTED]:
A very big warm +1 :) Welcome Chris...
:) ... Pier, my main man ... welcome back to the land of the living!
Thanks to everyone for the warm reception. Some of you I haven't spoken with
personally yet, but I look forward to collaborating with you on
Quoting Keith Wannamaker [EMAIL PROTECTED]:
Could this ever happen or am I doing something silly?
Keith
[snip]
+ if (cp != null) {
System.getProperties().put(tc_path_add,cp);
+ }
Not sure if it could possibly happen or not. Just to add my $.02 to the above,
however,
Rick Mann wrote:
on 8/28/01 9:08 PM, Rob S. at [EMAIL PROTECTED] wrote:
I've seen lots of discussion on the user list desiring the
ability to have
additional classpaths available to web applications, but not necessarily
available to all web apps.
...mainly because people don't
Rick Mann wrote:
on 8/29/01 1:15 PM, Christopher Cain at [EMAIL PROTECTED] wrote:
I'll throw an idea out here, although it may well get shot down for
either spec non-compliance, possible security concerns, or just general
lack of sex appeal ;-)
I think I'd complain mostly
Rob S. wrote:
2) Add those search paths myself, in my webapp's code. Keep in
mind that, as
Rob S. speculated, I know very little about the ClassLoader mechanism.
When I wrote the email, I wasn't implying that whatsoever, but I can see
quite clearly now how it could be taken.
Rick Mann wrote:
[snip]
Now, to avoid changing the spec, which I understand to be the Servlet 2.2
spec
Depends on which version you're using. Tomcat 3.x conforms to the 2.2
spec. Tomcat conforms to the almost-finalized 2.3 spec.
which also understand to specify the structure of the
Hi there. I frequently do crypto in servlets, and I have not personally run
into any problems. The only relevant difference between your environment and
some of mine, as far as I can tell, is that while I have heard of Cocoon, I
have no idea what it is =)
Also, I'm a little confused as to why
101 - 200 of 209 matches
Mail list logo
