Howdy,
This will get you on the thread:
http://marc.theaimsgroup.com/?l=tomcat-dev&m=102971833127528&w=2
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Amy Roh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 28, 2003 3:32 PM
To: Tomcat Developers List
Subject: bugzilla
Howdy,
One comment/question: the killing thread will only be used by choice,
i.e. someone explicitly setting the shutdownWait 0. Accordingly, for
that person the killing thread shutdown will be a normal shutdown, and
the exit status should be zero instead of one, right?
Yoav Shapira
Millennium
Hi,
Hmm. It's a debatable question.
Since the startup scripts don't keep track of how the JVM exited, it
really doesn't matter what exit code is used since no one is probably
tracking it.
I disagree. People could keep track of it and use it for various things
(restart the server, notify
Howdy,
While I don't particularly care for this particular thread (and thus
don't mind the patch either way), I did want to make a couple of
comments:
This should be a required feature.
Let's be very clear on what's required and what's not. Per SRV.9.10,
Welcome Files, and specifically
Howdy,
What would you suggest as the possible outputs from the status command?
Personally, every time I've tried something like this I've run into
granularity problems. Is the status ok when there is a server
process, when the server manager webapp is available, or when user
webapps are all
, and
start) command.
-Mark
Shapira, Yoav wrote:
Howdy,
What would you suggest as the possible outputs from the status
command?
Personally, every time I've tried something like this I've run into
granularity problems. Is the status ok when there is a server
process, when the server manager webapp
Howdy,
I'd be interested and willing to help implement this.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 05, 2003 9:19 AM
To: Tomcat Developers List
Subject: [5.0] Monitor servlet
Hi,
I proposed that
Howdy,
A couple of days ago I was setting up a new environment for a friend,
and followed these instructions to the letter without a problem at all:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/BUILDING.txt
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Joseph
Howdy,
Can you elaborate on your findings regarding log4j's memory leak? A new
thread might be better for this. Thanks,
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Aditya [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 11:58 PM
To: Tomcat Developers List
Howdy,
Not a committer, but I'll throw in my 2cents (US) as long as it doesn't
offend anyone:
+1 on dropping fileupload
[X] Stable on 4.1.22 stability. Been using it without a problem, but
then again we don't use the JDBC store/realm functionality.
Yoav Shapira
Millennium ChemInformatics
Howdy,
The usage would be to enable multiple TC instances using the same
server.xml file.
But what about the real connector ports, used by apps, defined inside
server.xml? Would you need to change those as well?
In 5.0 I would like to use ajp13 for shutdown, like in 3.3 - there is
no
Would
Howdy,
At the risk of being just a me too post, since this is a sort of vote,
I would say -1 as well. I simply wouldn't bother to subscribe to
tomcat-connectors-user if it were a separate list.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Glenn Nielsen
Howdy,
If you enable the RequestDumperValve (in server.xml), and have n request
processing threads, then the last n entries in the log at any time
represent the last n requests (not necessarily in the order they were
received by the server)...
Yoav Shapira
Millennium ChemInformatics
Howdy,
Isn't Crimson in JDK1.4 ? I remember we decided to disable XML schema
validation.
Crimson is in JDK 1.4. Crimson is officially hibernated and my
understanding is there are no forthcoming releases. I don't know if
Tiger (aka JDK 1.5) will include Crimson, another XML parser
Howdy,
I've used Ant's xmlproperty task to validate web.xml as part of
deployment...
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Costin Manolache [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 4:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Why does Tomcat
Howdy,
- modeler: Basis for Tomcat 5 JMX features, with a lot of new
impressively efficient functionality since release 1.0; again, a
critical component [Costin (do you have enough time to continue being
the RM of that component ?)]
I have very little free time - if anyone could do the
Howdy,
The Commons web pages have some notes for doing Commons releases at:
http://jakarta.apache.org/commons/releases.html
Those instructions seem clear enough. I volunteer to be the release
manager for modeler 1.0 ;)
There seem to be no bugs open for modeler in Bugzilla (Zarro Boogs
Howdy,
The Commons web pages have some notes for doing Commons releases at:
http://jakarta.apache.org/commons/releases.html
Despite the fact that they're flagged as beta, IMHO the instructions
here
are better:
http://jakarta.apache.org/commons/releases/
Excellent: thank you for posting
Howdy,
I'd like to see it on jakarta-tomcat-site as well: +1. It's important
enough to be included with the other tomcat product documentation IMHO.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 07, 2003 7:44
Hi,
All that as part of an effort to reduce Tomcat memory footprint (to
make
it more suitable for large scale deployments),
I'm just curious how the two go together? Wouldn't large-scale
deployments care less if tomcat's memory footprint was larger? It's
typically the small (micro, on chips,
Howdy,
I've noticed many times that most, well, 'privates' in Tomcat (and many
other Jakarta projects) are private, while having them protected would
greatly ease coding any derived classes, why?
There could be any number of reasons. My guess is (and I know in my
code) many times stuff is
Howdy,
+1 to port the patch ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Martin Cooper [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 2:48 AM
To: [EMAIL PROTECTED]
Subject: Fixing the tomcat-catalina Gump failure
The Gump build for tomcat-catalina started
to make a jakarta-commons
subproject out of it. See the message below for more details.
What do people think?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Shapira, Yoav
Sent: Tuesday, June 10, 2003 1:57 PM
To: Tomcat Users List
Subject: RE: Rotating catalina.out
Howdy,
First of all, forgive me if this is trivial, but investigating the
source,
and various web resources, I was not capable to find the answer, so I
hope
you can help me.
Did you read the Logger configuration reference in the tomcat 4.1 docs?
I saw that Tomcat has a different log for each
Howdy,
complete. What's missing is better docs, and lots of tweaks and fixes.
I'd like to help with the docs. Can you prioritize what docs you think
need work (or need to be written from scratch)? I actually have tomcat
commit access already, so there should be no delay like with
Howdy,
What is included in context-separation logic ?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 2:19 AM
To: Tomcat Developers List
Subject: Place for optional components
I would like to port the
Howdy,
Sounds reasonable to me.
Maybe all that's needed is updating the paths in the context
descriptors
for both webapps.
I'll update the docs as needed if we make this change.
Yoav Shapira
This e-mail, including any attachments, is a confidential business communication, and
may contain
Howdy,
1) I want to call setsid (on platforms that support it) after the
detach,
since evil things happen if I don't (at least on RH Linux).
Good idea,
2) I want to add a -outfile and -errfile to the config options
(consistent
with procrun, and both defaulting to /dev/null). stdin will get
Howdy,
What about the other commas? I'm not that familiar with LDAP specs, so
this may be a stupid question, but why are you escaping only the first
comma?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Gross, Jessica [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24,
Howdy,
Download tomcat source and use one of these tools:
http://www.cse.ucsc.edu/classes/cmps115/Fall02/tools/tools.html
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 1:24 AM
To: Tomcat
Howdy,
That's why the Logger elements supports anything you want in its
directory attribute. I don't think this patch is strictly necessary
and I'd prefer to keep the startup scripts as simple as possible. What
does this patch give you that you can't already do?
Yoav Shapira
Millennium
Howdy,
Thanks - there's already an open Bugzilla item for this and it'll get
fixed ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 9:39 AM
To: [EMAIL PROTECTED]
Subject: url doesn't work
The
Howdy,
+1. There will always be users with old versions, but if they lose
their original they either have to update to the latest stable release
on that branch or get their old version elsewhere.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat
Howdy,
On a couple of days testing, no problems. Very light JSP testing, heavy
servlet testing. Easily beta:
[ ] Alpha
[X] Beta
[ ] Stable
With some more time, more testing, maybe stable.
Yoav Shapira
Howdy,
Currently o.a.c.startup.ClassLoaderFactory just does a standard
directory
listing. It might be nice to have the directory listed sorted in some
manner
so files with certain attributes might be loaded first.
I was thinking of either
- sorting by date
- looking for
Howdy,
Tomcat 4.1.26-LE
Solaris 8
JDK 1.4.2
Invoking $CATALINA_HOME/bin/startup.sh produces the following output:
/home/shapira/tomcat/bin/catalina.sh: !: not found
Using CATALINA_BASE: /home/shapira/tomcat
Using CATALINA_HOME: /home/shapira/tomcat
Using CATALINA_TMPDIR:
Howdy,
I would also vote -1 as I mentioned before. It's another source for
confusion and bugs, and does not add much in practice I think. The
small bugs that necessitate one class changes are typically not
showstoppers, but more the PITA category that Tim referred to. To the
individual
Howdy,
- Stripping out all the Catalina related part of the stack trace in the
HTML generated by the ErrorReportValve; that eases debugging.
Hmm... As long as the full stack trace, including Catalina, is still in
the log file, that's OK. I know the Catalina parts of the stack trace
frequently
Howdy,
The full trace of the root cause is now logged (instead of the full
trace of the exception, which was not very useful IMO).
The new display seems to me significantly easier on users (esp when
using the request dispatcher a lot, which could have created huge stack
traces in the past).
Hi,
<ballot>
[ ] Alpha
[ ] Beta
[X] Stable
</ballot>
Stable. Been using it in our staging environment (exact copy of
production) since the day it came out, without any problems.
I agree that this has been the RC period. I don't think there are any
showstopper bugs, and I don't think we'll get a
Hi everyone
I'd like to volunteer to help with tomcat ;) I've been using it for a
while, read the Apache guidelines, looked at the source code a bit, and
been developing in Java for a few years.
From Remy's message, it sounds like maybe more people are needed to help
with the admin webapp?
Hi,
The state of the server process can be many things. It can be the
server process is alive, it can be that the host/port respond to
requests, and it can be that your app is actually available for work.
All of these can be checked in various ways.
Which one were you interested in? What would
Hi,
One of my clients is trying to use Tomcat Server (3.3.1) with their web
service products. One of the challenges we face is the memory/cpu usage
on
Windows 2000 server. They currently have IBM Websphere to handle
various
java servlet and JSP, and memory usage is little pretty high from their
Hi,
personally, didn't find it very challenging to download the 4.1.13
source
distribution (to a machine behind a firewall), and configure it to
build
including the optional libraries. I really *don't* want to be forced
to
download nMB of code to do what I can do with a couple of minutes with
Hi,
Tomcat 4.1/webapps/servlet1/web-inf/classes/st/Servlet1.class
How do I call my class in a browser?
http://yourhost:yourport/servlet1/servlet/st/Servlet1
I suggest you give your web application a name other than servlet1
because that name might confuse you. A name like myApp is better.
The
Hi,
By the way: this belongs in tomcat-user, not tomcat-dev. I replied to
tomcat-dev by accident. Sorry about that, and please post only dev
questions to this list.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Correo [mailto:hefperez;ar.inter.net]
Sent: Friday,
Hi,
Every now and then a message along those lines comes up. I've seen it
in all the open source projects I've contributed to, and (what does
that say? I have too much free time? ;)) these are many.
I will quote a response, not written by me, that I think is a perfect
way to look at the
Hi,
Interesting. Thank you for sharing.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Andrew C. Oliver [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 2:11 PM
To: [EMAIL PROTECTED]
Subject: new Performance benchmarks/comparisons on tomcat
Howdy,
I'll see if I can get around to it.
FWIW, I've been profiling our app on every tomcat version since 4.0.4
(all
-LE-jdk14, all running on Solaris 8), and the tomcat classes certainly
have gone down as far as CPU time and memory requirements.
Unfortunately I didn't record their improvement
Hi,
Can someone please provide dates for the release of Tomcat 5? I
realise there is nothing definite, but a ball-park date is what
I am looking for.
Is there an official roadmap someone can point me to?
There can't be a final release until the servlet specification v2.4 is
finalized. Keep
Hi,
In a rush on my way to (yet another ;() meeting, so:
- The current cluster API is dead.
- JavaGroups is good.
- Clustering is important.
=> Your approach seems reasonable, +1 IMHO.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL
Create a separate minimal JSR 154 only distribution of Tomcat 4.x:
+1 [X]
0 []
-1 []
Yoav Shapira
Millennium ChemInformatics
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Howdy,
-0 I need JSPs so I'll work on the minimal JSR152 + JSR154
( and the full distribution ). Jasper is part of tomcat
and that's what most people expect.
If 3 committers are willing to work on and support such thing ( and
it does get more +1 than -1 ) - I see no problem.
Yoav - I suppose
Howdy,
As this is hopefully nearing a wrap-up vote...
Right. You need a distribution tailored for your use. Others may
have
slightly different dists they need. Where does it stop? Would we end
up
with 2-3 dozen different distributions? Tomcat can be used in so
many
different ways that it
Howdy,
First off, the general questions, then your specific design issue:
servlet and/or filter context running within its own JVM instance? or
within its own Process (as in java.lang.Runtime.exec)? In other words,
do
all servlets and filter contexts share the same JVM instance or are
they
Howdy,
I'm trying to consolidate the access logs for a whole bunch of Tomcats
using Spread (www.spread.org) like I do with Apache. The easiest way to
do this seems to be to patch
org.apache.catalina.valves.AccessLogValve to use Spread and I've done
that trivially.
Perhaps it would be better to
Howdy,
Why is the unpackWars flag set to true by default in tomcat 4.1?
I'm not suggesting the setting be changed, just curious about the
reasoning.
Thanks,
Yoav Shapira
Millennium ChemInformatics
Hi,
From my review it looks like Tomcat 4 has always defaulted to
unpackWARs=true. I have no problem with that being the default.
And it would not be good to change at this time since Tomcat 4
has been released for quite a while.
More importantly, it would break webapps which rely on the
Howdy,
Most people run JDK 1.4 now.
Where, pray tell, did you gather that statistical gem? ;)
Yoav Shapira
Millennium ChemInformatics
Howdy,
The first thing I ask programmers I hire is How do you prefer to
program? What is your environment like? ... If the answer is along the
lines of vi, emacs, notepad, zsh, bash, windows command
line, then I feel much relieved...
Wow, that's kind of amazing -- I use the exact same question
Howdy,
always apply). All custom data in our apps is either stored in the
user.home directory, the preferences API, JNDI, or whatever. We tend
to
consider the .war file like an .exe or executable JAR file.
And I think this is where my interest comes from. Your considerations
are exactly the
Howdy,
So tomcat provides a temporary directory per-context accessible via
javax.servlet.context.tempdir per the 2.3 Servlet Specification. No
problem there.
I don't think the spec (including the 2.4 PFD version) says anything
about cleaning up the temporary directory. Does tomcat provide any
Howdy,
1) Add a method 'List getSecurityConstraints(HttpRequest req,
Context
ctx)'
to Realm, and have AuthenticatorBase loop through them.
2) Have RealmBase create its own special SecurityConstraint that is
the
intersection of all of the overlapping constraints, and leave
Howdy,
Having been running it for a full week in our complete test environment,
including JMeter scripts, I'm going to move my vote from Beta to Stable.
There's still the one little thing as I posted a few days ago, in the
catalina.sh scripts saying !: not found at the beginning. Startup and
Howdy,
The small Catalina.sh script fix ([! Os400] thing) will be in 4.1.27
right?
Looking forward to 5.0.6. What's up with the sessions issue?
http://issues.apache.org/bugzilla/show_bug.cgi?id=4690
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat
Howdy,
Thanks and enjoy the trip Remy ;)
Yoav Shapira (Also another -LE build user)
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 3:53 PM
To: Tomcat Developers List
Subject: [4.1.27] Builds uploaded
Hi,
I
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 5:17 AM
To: Tomcat Developers List
Subject: [VOTE] Tomcat 5.0 release plan
ballot
[X] +1 I approve this release plan, and I will help
[ ] +0 I
Howdy,
Cool - congrats and good luck ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Monday, August 04, 2003 2:40 PM
To: Tomcat Developers List
Subject: [OT] New job
This is OT, sorry.
I've accepted a position of
Howdy,
Although it's not yet mirrored on the main download site, you can use
modeler 1.1 final from my CVS account when building, if you'd like:
http://cvs.apache.org/~yoavs/release/jakarta-commons/modeler/
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat
Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 07, 2003 3:01 PM
To: Tomcat Developers List
Subject: Re: [5.0.7] New build by Sunday
Shapira, Yoav wrote:
Howdy,
Although it's not yet mirrored on the main download site, you can use
modeler 1.1 final from my
Howdy,
Really?
Ant's javadoc task is great. The javadoc tool itself is easy to use
from the command line as well. The platform (win XP in your case)
doesn't matter, this is java ;)
I've already been duped once this week by a sarcastic question, so might
as well go for two ;)
Yoav Shapira
Howdy,
This is a user, not developer question, so if you want to continue this
discussion do so on the tomcat-user mailing list.
public class UseOfParameters extends GenericServlet
snip
End of Source Code --
According to what i have read, a log file by the
Howdy,
<ballot>
[ ] Alpha
[ X ] Beta
</ballot>
I don't think it really matters, except I'd like to say Beta to get more
users to download and test it. I think we've reached the point where
more user testing of the 5.0.x branch is highly desirable.
Yoav Shapira
Howdy,
* commons-daemon: Needs a 1.0 release (any volunteers ?); needs
polish
(display of log items in the console could probably be nicer, bug
18220).
Sort of running before you can walk here ;-). Daemon needs to graduate
from
the sandbox before it can have a release.
Should we propose
Howdy,
Let me take a look -- I'll move the binaries as I can ;) Sorry about
that.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 4:19 AM
To: Tomcat Developers List
Subject: Re: [5.0.10] Tag
Howdy,
Where were the old binaries posted? I can't seem to find them...
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 3:23 AM
To: Tomcat Developers List
Subject: Re: [5.0.10] Tag tomorrow
... Assuming you don't mean the nightly builds? Those are available at
http://cvs.apache.org/builds/jakarta-commons/nightly/commons-daemon/
and include the binaries.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Shapira, Yoav
Sent: Friday, September 05, 2003 9:18 AM
Howdy,
Seems like a good idea: the struts/log4j case is very common from what
I've seen, and moreover I think it's a best-of-breed/best-practice
configuration that we want to support seamlessly.
What do you need in terms of dependencies, other than commons-daemon?
I'll push a commons-daemon 1.0
Howdy,
My experience agrees with what Senor Lin is saying: chunking increases
performance on slow connections for large static files. We have many of
these in our webapps and I observed a nice performance increase when
moving to the Coyote connector without changing any of our code.
Yoav Shapira
Howdy,
You use Embedded:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/org/apache/catalina/startup/Embedded.html
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Xtremebytes Webmaster [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 16, 2003 10:12
Howdy,
Seems like too much work/complication for a small gain. How inefficient
is the current mechanism and how much performance would we gain from
your approach?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Jan Luehe [mailto:[EMAIL PROTECTED]
Sent: Monday,
Howdy,
What do you mean by too much work? :)
I already have a patch ready to be committed. It's just a few line
changes.
I mean two things:
1 - the work you've done, implementing the patch;
2 - the work to debug/trace user questions about why their TLDs aren't
loading when they should or vice
Shapira
Millennium ChemInformatics
-Original Message-
From: Jan Luehe [mailto:[EMAIL PROTECTED]
Sent: Monday, September 22, 2003 5:34 PM
To: Shapira, Yoav
Subject: Re: [PROPOSAL] Narrow down the list of JARs to be scanned for
TLDs
Hi Shapira,
so are you giving this proposal a +1, or do you
Howdy,
I already responded to this on the tomcat-user list, where this thread
belongs.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Wilson, Allen [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 12:27 PM
To: Tomcat Developers List
Subject: Configuring
Howdy
Works for me now, as it did (twice actually) yesterday. Maybe he had a
bad mirror assigned...
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Pier Fumagalli [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 6:37 PM
To: Tomcat Developers List
Subject:
Howdy,
Sorry I'm late, but been testing it for a few days, and definitely beta.
No problems for me ;)
[ ] Alpha
[ X ] Beta
[ ] Stable
Yoav Shapira
Millennium ChemInformatics
Howdy,
I'm not a big security buff, but three things come to mind:
- The original post with the exploit is more than a year old, yet we
haven't heard anything about this actually used maliciously -- how come?
- Is it really a vulnerability? What can you get from this exploit?
All I see is tomcat
Howdy,
This is interesting, hopefully you won't mind educating me a bit
further...
- Is it really a vulnerability? What can you get from this
exploit?
You can hijack the user's session or steal information from a user's
cookie pretty easily with a XSS flaw such as this one.
How would you
, September 29, 2003 1at 2:34 pm, Shapira, Yoav sent the
following
Howdy,
This is interesting, hopefully you won't mind educating me a bit
further...
Not at all, but keep in mind I haven't studied all that much myself...
;-)
- Is it really a vulnerability? What can you get from this
exploit?
You
Howdy,
I think many people are waiting for tomcat 5 as a servlet 2.4
implementation. Not more, not less. While it has many other great
features, that's the main one, and there's no point in releasing it
until then IMHO ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
Howdy,
On the subject of AccessLogValve: I hadn't thought of the things Tim
suggested, but I have a different suggestion, part of a more general
suggestion:
1. Convert AccessLogValve to be a servlet specification 2.3 filter, i.e.
something portable. We can define it in
Howdy,
2. Eliminate the shared and common classloader repositories. Unless
these are required by the spec? Force webapps to be self-contained
by
putting all their classes in WEB-INF/lib or WEB-INF/classes of their
webapp. Have the WEB-INF/classes - WEB-INF/lib - endorsed - system
Howdy,
--- Shapira, Yoav [EMAIL PROTECTED] wrote:
1. Convert AccessLogValve to be a servlet
specification 2.3 filter, i.e.
That sounds wonderful and useful, but there are a few
problems here. Filters don't have access to all the
information that is needed to make a log entry the way
Howdy,
There's already an exposed API for writing tomcat loggers (just
implement org.apache.catalina.Logger and configure your logger in
server.xml). Let's get off that topic please and stick to the access
log filter I was proposing.
I think that many of those values, such as
ContentLength, are
Howdy,
Thanks for the response wrapper idea and skeleton -- that seems to solve
most of the problems we discussed.
For access logging in particular, I'd be concerned about a couple of
things:
* Filters don't see every request (for example, the authentication
challenges when you're using BASIC
Howdy,
This belongs on the tomcat-user list, not tomcat-dev. Please report your question
there and we can try to help ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Michal iplk [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 10:30 AM
To: Tomcat
Howdy,
Tomcat 4.1.x implements the endorsed classloader spec. It's compliant
with the Servlet Specification v2.3. What you can do if you want your
webapp to use the latest xerces/JAXP, is:
- Move $CATALINA_HOME/common/endorsed/* to $CATALINA_HOME/common/lib
- Put your later xerces etc. in
Howdy,
If it's easy, +1 ;)
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 10:24 AM
To: Tomcat Developers List
Subject: [5.0] System properties in server.xml (and elsewhere)
Hi,
I think it
Howdy,
The instructions are here:
http://jakarta.apache.org/site/cvsindex.html
I assume you've already read them, as you tried the command below. Did
you do a CVS login first? You have to login (as anoncvs in your case)
before you can checkout.
Yoav Shapira
Millennium ChemInformatics
Howdy,
You do a diff and enter the diff as a bug fix in bugzilla.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: liu ji [mailto:[EMAIL PROTECTED]
Sent: Monday, October 27, 2003 11:59 AM
To: [EMAIL PROTECTED]
Subject: how to commit the change?
I have changed some
1 - 100 of 550 matches